Systems and methods for device verification and authentication

ABSTRACT

In methods, systems, and computing devices configured to implement methods of authenticating a computing device, a first computing device and a second computing device may share a dynamically updated shared data set. The first computing device may select elements of the shared data set stored at the first computing device and may generate a rule set for extracting the selected elements from the shared data set. The first computing device may send the rule set to the second computing device, and may generate a first result using the selected elements. The second computing device may extract the selected elements from the shared data set using the rule set, may generate a second result, and may send the second result to the first computing device. The first computing device may determine whether the second computing device is authenticated based on whether the first result matches the second result.

BACKGROUND

The development of a digital environment has enabled a vast expansion in rapid communication and information transactions, among other things. However, the security paradigm used in this new environment is ancient: the concept of shared secrets and the concomitant trust. The paradigm of the shared secret has been incorporated into the digital environment in numerous ways—from usernames and passwords, to secure communications between users and systems. For example, this concept is foundational to the Secure Socket Layer, Certificate Authority, Public Key Information security infrastructure.

However, the digital environment is one in which secrets are difficult to keep for more than a short period of time, and once secrecy is lost the formerly secret information may be proliferated rapidly and with complete fidelity. The digital environment is also one in which shared secrets and credentials have become a primary target of “hacking” that has transformed many “secrets” (e.g., passwords, digital certificates, private information and other types of authentication data) into a commodity freely traded on the gray and black markets, destroying the benefit of such secrets for securing digital exchanges. Yet, the underlying security mechanism of the digital environment remains dependent upon the safe operation of this false assumption that the secret is still secret.

Verification of the presented identity of a computing device is a critical aspect of numerous electronic communications. However, the vulnerability of shared secrets, as well as the vulnerability of communications in transmission, dramatically undermines the reliability and security of digital certificates or other similar information for trusted device identity verification.

SUMMARY

Various embodiments include methods of dynamically altering a data set that is shared between a first computing device and a second computing device. Various embodiments may include determining whether a data set update trigger has occurred, generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred, altering the shared data set stored in the memory according to the generated instruction, and sending the generated instruction to a second computing device to alter the shared data set at the second computing device according to the generated instruction.

In some embodiments, generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred may include generating an instruction to add a new portion to the shared data set based on data inputs received at the first computing device. In some embodiments, generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred may include generating an instruction to subtract a portion of the shared data set. In some embodiments, generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred may include generating an instruction to re-order the shared data set. In some embodiments, generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred may include generating an instruction to transform the shared data set.

In some embodiments, the method may further include selecting elements from the shared data set stored in the memory, generating a rule set for extracting the selected elements from the shared data set, and sending the rule set to the second computing device. In such embodiments the method may further include transforming the selected elements to generate a first result, receiving from the second computing device a second result based on the rule set, determining whether the first result matches the second result, and determining whether the second computing device is authenticated based on whether the first result matches the second result.

Various embodiments include methods of authenticating computing devices. Various embodiments may include selecting, by a processor of a first computing device, elements from a shared data set stored at the first computing device, wherein the shared data set is also stored at the second computing device, generating, by the processor of the first computing device, a rule set for extracting the selected elements from the shared data set, transforming, by the processor of the first computing device, the selected elements to generate a first result, and sending, by the processor of the first computing device, the rule set to the second computing device. Various embodiments may include receiving, by a processor of the second computing device, the rule set from the first computing device, extracting, by the processor of the second computing device, the selected elements from the shared data set stored at the second computing device using the rule set, transforming, by the processor of the second computing device, the extracted elements to generate a second result, and sending, by the processor of the second computing device, the generated second result to the first computing device.

Various embodiments may include determining, by the processor of the first computing device, whether the first result matches the second result, and determining, by the processor of the first computing device, whether the second computing device is authenticated based on whether the first result matches the second result.

In some embodiments, generating the rule set for extracting the selected elements from the shared data set may be performed prior to the selecting elements from the shared data set. Some embodiments may further include sending, by the processor of the first computing device to the second computing device, an indication of whether the second computing device is authenticated based on whether the first result matches the second result.

In some embodiments, selecting, by the processor of the first computing device, elements from the shared data set stored at the first computing device, wherein the shared data set is further stored at the second computing device may include selecting, by the processor of the first computing device, one or more portions of the shared data set, and selecting, by the processor of the first computing device, two or more elements from among the one or more portions of the shared data set.

In some embodiments, selecting, by the processor of the first computing device, elements from the shared data set stored at the first computing device, wherein the shared data set is further stored at the second computing device may include selecting one of the two or more elements as a primary element.

In some embodiments, generating, by the processor of the first computing device, a rule set for extracting the selected elements from the shared data set may further include determining, by the processor of the first computing device, one or more relationships between the selected two or more elements, and generating, by the processor of the first computing device, the rule set based on the determined one or more relationships between the selected two or more elements.

In some embodiments, extracting, by the processor of the first computing device, the selected elements from the shared data set stored at the second computing device using the rule set may include identifying, by the processor of the first computing device, one or more elements of the shared data set indicated in the rule set, identifying, by the processor of the first computing device, one or more relationships between the selected two or more elements indicated in the rule set, and extracting, by the processor of the first computing device, the one or more elements from the shared data set using the identified one or more elements and the one or more relationships. In some embodiments, the shared data set may include one or more transitory identities.
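The rule-set exchange and the data set alteration summarized above can be sketched as follows. This is an added example, not code from the specification: the rule-set layout (a primary element position plus portion/element offsets), the use of SHA-256 as the transformation, the instruction format, and all function names are assumptions chosen for illustration, and the data set is constructed sample data.

```python
import hashlib
import hmac
import secrets


def sample_data_set():
    # Constructed sample data: three portions of four elements each.
    return [
        [b"a1f3", b"9c07", b"55be", b"0d42"],
        [b"7e10", b"c3aa", b"18f9", b"b620"],
        [b"4d5c", b"e071", b"2a96", b"f3d8"],
    ]


def generate_rule_set(data_set, count=3):
    """First device: select elements, name one as primary, and describe the
    others by their relationship (portion/element offset) to the primary."""
    rng = secrets.SystemRandom()
    positions = [(p, e) for p, portion in enumerate(data_set)
                 for e in range(len(portion))]
    chosen = rng.sample(positions, count)
    (p0, e0), others = chosen[0], chosen[1:]
    return {"primary": (p0, e0),
            "relations": [(p - p0, e - e0) for p, e in others]}


def extract(data_set, rule_set):
    """Either device: resolve the rule set against the local copy."""
    p0, e0 = rule_set["primary"]
    wanted = [(p0, e0)] + [(p0 + dp, e0 + de)
                           for dp, de in rule_set["relations"]]
    elements = []
    for p, e in wanted:
        # Explicit bounds check: a negative index would silently wrap in Python.
        if not (0 <= p < len(data_set) and 0 <= e < len(data_set[p])):
            raise LookupError("rule set does not resolve against this copy")
        elements.append(data_set[p][e])
    return elements


def transform(elements):
    """Assumed transformation: SHA-256 over length-prefixed elements, so that
    element boundaries cannot be shifted without changing the result."""
    digest = hashlib.sha256()
    for element in elements:
        digest.update(len(element).to_bytes(4, "big"))
        digest.update(element)
    return digest.digest()


def respond(data_set, rule_set):
    """Second device: produce the second result, or None if the rule set
    cannot be resolved (for example, against a stale copy)."""
    try:
        return transform(extract(data_set, rule_set))
    except LookupError:
        return None


def authenticate(data_set, rule_set, second_result):
    """First device: compare first and second results in constant time."""
    if second_result is None:
        return False
    first_result = transform(extract(data_set, rule_set))
    return hmac.compare_digest(first_result, second_result)


def apply_instruction(data_set, instruction):
    """Alter the local copy in place; both devices apply the same instruction.
    Covers add, subtract and re-order from the summary above."""
    op = instruction["op"]
    if op == "add":
        data_set.append(list(instruction["portion"]))
    elif op == "subtract":
        del data_set[instruction["index"]]
    elif op == "reorder":
        data_set[:] = [data_set[i] for i in instruction["order"]]
    else:
        raise ValueError("unknown instruction: %r" % op)


if __name__ == "__main__":
    first, second = sample_data_set(), sample_data_set()
    rule = generate_rule_set(first)
    print("synchronized copies:", authenticate(first, rule, respond(second, rule)))
    apply_instruction(first, {"op": "reorder", "order": [2, 0, 1]})
    print("second copy is stale:", authenticate(first, rule, respond(second, rule)))
```

A device holding a copy that missed an alteration instruction resolves the same rule set to different elements, so its second result no longer matches the first result.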

Various embodiments further include computing devices configured with processor-executable instructions to perform operations of the methods summarized above. Various embodiments further include a system including a first computing device and a second computing device, each configured to perform operations of the methods summarized above.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated herein and constitute part of this specification, illustrate example embodiments of the invention, and together with the general description given above and the detailed description given below, serve to explain the features of the invention.

FIGS. 1A-1C are component block diagrams of a communication system suitable for use with various embodiments.

FIG. 2 is a component block diagram of a communication device suitable for use with various embodiments.

FIG. 3A is a process flow diagram illustrating a method of authenticating one computing device to another computing device according to various embodiments.

FIG. 3B is a message flow diagram illustrating another method of authenticating one computing device to another computing device according to various embodiments.

FIG. 3C illustrates a method 300a of operations executed by the first computing device as part of the method 300 according to various embodiments.

FIG. 3D illustrates a method 300b of operations executed by the second computing device as part of the method 300 according to various embodiments.

FIG. 3E illustrates a method 300c of operations executed by the third computing device as part of the method 300 according to various embodiments.

FIG. 4 illustrates a method 400 of dynamically altering a shared data set according to various embodiments.

FIG. 5 illustrates relationships among elements of portions of a data set 500 according to various embodiments.

FIGS. 6A-6D illustrate relationships among elements of portions of shared data sets 600a-600d according to various embodiments.

FIG. 7 illustrates a method 700 of authenticating a second computing device by a first computing device according to various embodiments.

FIG. 8 illustrates a method 800 of operations executed by the first computing device as part of the method 700 according to various embodiments.

FIG. 9 illustrates a method 900 of operations executed by the first computing device as part of the method 700 according to various embodiments.

FIG. 10 illustrates a method 1000 of operations executed by the second computing device as part of the method 700 according to various embodiments.

FIG. 11 illustrates a method 1100 of bi-directionally authenticating a first computing device and a second computing device according to various embodiments.

FIG. 12 illustrates a method 1200 of authenticating a first computing device to a second computing device according to various embodiments.

FIG. 13 illustrates a method 1300 of bi-directionally authenticating a first computing device and a second computing device according to various embodiments.

FIG. 14 is a component block diagram of a mobile wireless computing device suitable for implementing various embodiments.

FIG. 15 is a component block diagram of a portable wireless communication device suitable for implementing various embodiments.

FIG. 16 is a component block diagram of a server device suitable for implementing various embodiments.

DETAILED DESCRIPTION

The various embodiments will be described in detail with reference to the accompanying drawings. Wherever possible, the same reference numbers will be used throughout the drawings to refer to the same or like parts. References made to particular examples and implementations are for illustrative purposes, and are not intended to limit the scope of the invention or the claims.

Various embodiments provide methods, and computing devices (or other digital or programmable devices) configured to implement the methods, that enable authenticating of a computing device to other computing devices in a communication system based on dynamic information associated with a computing device that does not rely on the paradigm of shared secrets and static information.

Because the transitory identity of each computing device is periodically or aperiodically changing, and each computing device is in periodic or aperiodic communication with other computing devices (synchronously or asynchronously) sending and/or receiving new transitory identities, various embodiments improve the security function of any communication network or any electronic communication system by improving the security of communications. Various embodiments also improve the security function of any communication network by reliably authenticating the identity of a participating computing device without relying on easily compromised static identification information, such as a shared secret, that may be vulnerable to attack by access and/or copying.

The term “computing device” refers to any programmable computer or processor that can be configured with programmable instructions to perform various embodiment methods. A computing device may include one or all of personal computers, laptop computers, tablet computers, cellular telephones, smartphones, Internet enabled cellular telephones, Wi-Fi enabled electronic devices, personal data assistants (PDAs), wearable computing devices (including smart watches, necklaces, medallions, and any computing device configured to be worn, attached to a wearable item, or embedded in a wearable item), wireless accessory devices, memory sticks, dongles, wireless peripheral devices, Internet of Things (IoT) devices, network elements such as servers, routers, gateways, and the like (including so-called “cloud” computing devices), and similar electronic devices equipped with a short-range radio (e.g., a Bluetooth, Peanut, ZigBee, and/or Wi-Fi radio, etc.) and/or a wide area network connection (e.g., using one or more cellular radio access technologies to communicate using a wireless wide area network transceiver, or a wired connection to a communication network).

As used herein, the term “information transaction” refers to any communication or other exchange of information in which the identity of the participating devices may be authenticated. In some embodiments, the methods and computing devices configured to implement the methods described herein may be implemented in a variety of contexts in which the identity of the participating devices may be authenticated, such as health care record management, secure communications (e.g., government, business, intelligence community, etc.), public records management systems, voting systems, financial services systems, security brokerage systems, and many others. In some embodiments, the methods and computing devices configured to implement the methods described herein may be implemented in IoT devices, or among IoT devices and an IoT device controller, such as a router, server, IoT hub, or another similar device. In particular, various embodiments, when implemented in an IoT environment, may be of particular use in preventing distributed denial of service (DDoS) attacks, without human intervention. In some embodiments, the methods and computing devices configured to implement the methods described herein may be implemented in autonomous vehicles, semiautonomous vehicles, and remotely directed vehicles.

In some embodiments, the methods and computing devices configured to implement the methods described herein may authenticate the participation of a computing device in an information transaction. In some embodiments, the methods and computing devices configured to implement the methods described herein may be implemented in the context of a commercial transaction, to enable performance of a non-repudiable commercial transaction in which, because the participation of specific computing devices may be authenticated, a participant may be unable to later deny participation in the transaction (such as, for example, a card-not-present financial transaction).

The terms “component,” “system,” and the like are intended to include a computer-related entity, such as, but not limited to, hardware, firmware, a combination of hardware and software, software, or software in execution, which are configured to perform particular operations or functions. For example, a component may be, but is not limited to, a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a wireless device and the wireless device itself may be referred to as a component. One or more components may reside within a process and/or thread of execution and a component may be localized on one processor or core and/or distributed between two or more processors or cores. In addition, these components may execute from various non-transitory computer readable media having various instructions and/or data structures stored thereon. Components may communicate by way of local and/or remote processes, function or procedure calls, electronic signals, data packets, memory read/writes, and other known computer, processor, and/or process related communication methodologies.

Among other things, the digital environment enables rapid communication and information transactions on up to a global scale. However, the current digital environment rests on a shaky security foundation: the old paradigm of the static shared secret. There are numerous fundamental differences between the purely human environment we operated in for thousands of years until the late 20th century and the digital environment we operate in today.

Further, the digital environment is one in which secrets are difficult to keep over time. Once secrecy is lost the formerly secret information may be proliferated rapidly and with complete fidelity and used by an attacker.

Breakdowns in digital system security, resulting in massive data breaches, have become nearly commonplace and the frequency of their occurrence has accelerated.

Indeed, the emergence of the cyber security industry is indicative of the endemic failure of security in general throughout the digital environment. As but one example, cybercrimes such as identity fraud are among the fastest growing crimes, with threats continuing to accelerate in capability and scale. The proliferation of network-connected devices, including smart phones, wearable computers, gaming systems, Internet of Things devices, and the like is exacerbating the scale and extent of digital security risks. For example, many of these devices are either themselves untrustworthy or are interacting with untrustworthy mobile networks, and few such devices have the computing power to perform traditional security functions of familiar desktops and laptops.

In the majority of the breach incidents, a violation of trust or the misuse of a shared secret (e.g., a credential) is at the root of the failure. While in certain cases a particular security failure may be due to a lack of strength in the technology employed to provide the trust and security, in general security failures in the digital environment have occurred in a wide variety of industries using a variety of technology deployments. Security failures occur across the board and are attributable not only to any particular deployed technology, but also to the practices and procedures inherent to its application and use. Thus, security failures in the digital environment are due to something more fundamental and endemic in the root strategy of the trust paradigm of the shared secret that has failed.

The current paradigm of digital security fails for at least three fundamental reasons: (1) the current paradigm is based on trust, and trust is what fails; (2) the current paradigm is based on stable or static shared secrets, but the secrets do not remain secret, and are as useful to an attacker as to an authorized user; and (3) the vast majority of information transactions are between anonymous parties. Thus, “trusted systems” ultimately do not work because they are penetrable and vulnerable. Moreover, current “trusted systems” are vulnerable to penetration and exploitation in large part due to the use of static or durable information that does not vary with time (or duration); and failures of policy and human factors (e.g., social engineering, negligence, etc.).

Further, the verification of a computing device's purported identity is a critical aspect of numerous electronic communications. However, the vulnerability of shared secrets, as well as the vulnerability of communications in transmission, dramatically undermines the reliability of digital certificates or other similar information for reliable device identity verification.

Various embodiments disclosed in this application address the security vulnerability of digital systems and provide electronic security for device-to-device communication as well as for enhanced user authentication. Various embodiments provide computer-implemented methods to provide for continuous refreshing and changing of digital certificates. Various embodiments incorporate the assumption that trusted systems ultimately are demonstrably insecure, because such systems are penetrable and vulnerable. Various embodiments provide a digital communication system that assumes no trust among various network elements, for at least the reason that the digital environment is inherently untrustworthy. The emergence of the field of cybersecurity is a response to this endemic failure.

Various embodiments change the way devices are authenticated on networks by generating and sharing authenticating information of such limited duration that it cannot be effectively used by an attacker. The common threat vector is typically theft of the authenticating information, rather than use of computing power to decrypt encoded authenticating information. In various embodiments, the duration during which the authenticating information may be used may be relatively short, such as a duration of minutes. This contrasts with the effective duration of certificates from a conventional certifying authority (CA), which may have a duration of up to decades in some cases. In some embodiments, the duration of the authenticating information may be determined to be shorter than the time it takes an attacker to obtain and exploit the information. Various embodiments are based on the assumption that the authenticating information is potentially vulnerable and may be obtained by an attacker, and the validity duration of the authenticating information may be determined such that its usefulness for authentication expires before an adversary can discover and exploit it. For example, based on state of the art computing capabilities, an amount of time required to decrypt a commonly used encryption hash (e.g., MD5, SHA2, etc.) using brute force may be determined. In various embodiments, the validity duration of authentication information may change as advancements in computing technologies reduce the time required to discover and decrypt such information. In some embodiments, the system may determine a validity duration for authenticating information that is shorter than the determined time required to decrypt the encrypted information.

The relatively short useful duration of the authenticating information reduces by orders of magnitude the possibility of such authenticating information being guessed, accessed or “hacked” and then used as a means of attacking the system. Using such authenticating information enables the system to authorize only desired devices and to deny access to unauthorized devices, even when such unauthorized devices present previously-acceptable usernames and passwords, certificates or other access credentials. Thus, various embodiments further enable existing security technologies and components to preclude access to a device or system by attackers who have obtained perfect copies of legitimate user login credentials. Various embodiments may be applied in other security applications utilizing one-time passwords, such as cloud security, as well as on a wide range of devices, including Internet of Things (IoT) devices. Various embodiments may be applied to authenticate communications among a variety of devices, such as computing devices that may be targets of attack or subordination for recruitment in the performance of a distributed denial of service (DDoS) attack.

In various embodiments, computing devices perform a bi-directional, three-way authentication in which each computing device periodically (or aperiodically) generates an ephemeral “transitory identity” using dynamic and/or static state aspects (alone or in combination) of the computing device. The transitory identities generated by each computing device may be exchanged and authenticated by two (or more) other computing devices. Transitory identities may be used with existing security methodologies, including hashing techniques, updated keystones, updated Trust Anchors, Client Certificate Mapping, Active Directory, Internet Information Services (IIS) Client Certificate Mapping, digital certificates, a trusted third-party, and other security mechanisms. Various embodiments may defeat attempts to impersonate an authorized computing device, such as an attempt to login to a computer network or online environment by an unauthorized user possessing the credentials of an authorized user. Various embodiments may also provide secure communications between digital devices of any kind on any network. Thus, various embodiments may provide secure, creditable and authenticated communication between computing devices on a communication network that eliminates the common vulnerabilities of conventional authentication technologies.

In various embodiments, a transitory identity may be generated dynamically, such as based at least in part on one or more changing or dynamic states of the computing device that generates the transitory identity, or dynamic information obtained by a sensor within the computing device (e.g., a camera, microphone, accelerometer, etc.). In some embodiments, a computing device may generate its own transitory identity. In some embodiments, another computing device, such as an authentication server, may generate the transitory identity for the computing device, and the transitory identity may be pushed to the computing device, pulled from the server by the computing device, or acquired from another source (e.g., over a communication network).

In some embodiments, a given transitory identity may be used only once. In such embodiments, a transitory identity that has been used may thereafter be unusable.

In various embodiments, time is a critical element of transitory identities. For example, the expiration of a transitory identity may be limited to a reasonable length of time that a secret can be expected to be kept. In various embodiments, the computing device may determine a time bound or time duration of a transitory identity such that the transitory identity is useful for a length of time that is shorter than a time required for an attacker to guess or acquire the transitory identity and use it in a successful attack, such as access to a secure network or completion of a secured transaction. Beyond the time bound or time duration, the transitory identity may be unusable for authentication of any computing device. The duration of a transitory identity may be shorter than the duration of a given communication session (e.g., a VPN session or an Internet shopping and purchase session). In such situations, a new transitory identity may be generated for the computing device during the communication session and used in securing data exchanges within the communication session after expiration of the old transitory identity.

In some embodiments, the dynamic aspects of the generating computing device used in generating transitory identities will change frequently or continuously so that each transitory identity is based on different (i.e., changed) data. In such embodiments, each generated transitory identity may include unique data (that may be represented by a string of data) that represents a “snapshot” of a dynamic state of the generating computing device at the time that the transitory identity is generated. Various embodiments use the unique data (or unique data string) generated by reference to one or more constantly changing conditions as a basis for generating a unique dynamic certificate. As a result, it is extremely difficult for an attacker to discover the basis for generating transitory identities in an attempt to generate counterfeit identities.

In some embodiments, computing devices may exchange information or otherwise negotiate a timing of when each computing device may generate a new transitory identity. In some embodiments, a computing device (e.g., a server) may instruct another computing device (e.g., a user device) to generate a new transitory identity. Such coordination of generating new transitory identities may enable frequent changes in transitory identities during an extended digital communication session.

In some embodiments, a computing device may include a module, such as a transitory identity module, that may store a small unit of static information. The information may include text, an image, biometric information, and the like. In some embodiments, a computing device may combine dynamic information with the static information to generate the transitory identity. By adding dynamic information to static information, an entire string of information may be changed by altering a small element. Further, a hash of the combined dynamic information and static information will be different from a hash of the static information alone, without requiring alteration of the entire data set.

In some embodiments, each computing device participating in a communication system may generate a transitory identity. Each participating communication device may send its generated transitory identity to an authentication server, which may function as a repository of the real-time generated transitory identities. For example, two endpoint computing devices (e.g., a first computing device and a second computing device) may each generate transitory identities, and may each send their generated transitory identity to the other computing device and to an authentication server (e.g., a third computing device). In some embodiments, the first computing device may send a query to the authentication server that includes the transitory identity that the first computing device received from the second computing device, requesting that the authentication server authenticate the transitory identity of the second computing device. The third computing device may compare the second computing device's transitory identities received from both the second computing device and the first computing device. In response to determining that the transitory identities match, the third computing device may send to the first computing device an indication of authentication success of the second computing device. In some embodiments, the indication of authentication success may be transmitted by the third computing device using methods configured to defeat man-in-the-middle attacks. In various embodiments, the third computing device may function as a repository in a variety of applications, including, but not limited to financial services systems, security brokerage systems, healthcare record management systems, secure communication systems for business, government, intelligence community, etc., public records systems (e.g., firearm registries, Departments of Motor Vehicles, etc.), voting systems, and among Internet of Things devices.

In response to determining that the transitory identities do not match, the third computing device may send to the first computing device an indication of authentication failure of the second computing device. In some embodiments, the indication of authentication failure may be transmitted by the third computing device using methods configured to defeat man-in-the-middle attacks.

In some embodiments, the authentication server (the third computing device) may also generate a transitory identity and send the third computing device transitory identity to the first and second computing devices, and the first and second computing devices may compare the third computing device transitory identity and authenticate for themselves the identity of the third computing device.

In some embodiments, the third computing device, together with its transitory identity or separate from its transitory identity, may send an instruction to other computing devices (e.g., the first and second computing devices) to generate a new transitory identity. In various embodiments, each computing device participating in the communication system may periodically or aperiodically generate a new transitory identity. During an ongoing communication session, such new transitory identities may be generated sufficiently before the expiration of one or more current transitory identities securing the communication session to enable the two computing devices and the third computing device to complete the exchanges and authentications of the new transitory identities so that the communication session can continue uninterrupted and secured by the new identities. In some embodiments, each new transitory identity may be set for single use, such that each computing device that receives a transitory identity from another computing device may only use (interact with, authenticate, process, hash, etc.) a transitory identity once, after which the received transitory identity becomes unusable. Again, a lifetime may be set for each new transitory identity for a time duration that is less than a period of time in which an attacker may obtain and use the transitory identity.

Various embodiments may operate to quickly restore security after a successful attack. In various embodiments, a successful attack on the authentication server or another device participating in the system will not compromise system security for any significant period of time, since any exfiltrated credential information is of no lasting value to the attacker, as it will all expire before it can be exploited. Thus, the authentication system may not be compromised by attacking the authentication server. Various embodiments provide a communication system that is durable and sustainable and that operates successfully in an environment in which any and every component is likely to be successfully attacked and compromised.

In some embodiments, a first computing device and a second computing device may establish a trusted relationship based on a previously-shared data hash (e.g., using a hashing algorithm such as MD5, SHA1, or SHA2). The previously-shared data hash may be created, for example, from a stored and shared time-based one-time password algorithm (e.g., Internet Engineering Task Force RFC 6238, Temporary One-Time Password (TOTP), etc.). Such a previously-shared data hash may be stored in memory on the first computing device and/or the second computing device. In some embodiments, the second computing device may initiate a session, such as an information transaction session or communication session, when the second computing device receives from the first computing device login data, such as a username and password, that may be associated with an account or session identifier. In such embodiments, while the login data may be used to identify the account or the session, the login data may not be used for purposes of communication security or authentication of any computing device or user.

In some embodiments, the first computing device may generate a transitory identity and send the transitory identity to the second device together with the login data, or separately from the login data. The first computing device may generate the transitory identity based on dynamic and/or static aspects of or determined by the first computing device. In some embodiments, dynamic aspects of the first computing device may include aspects of the first computing device that change relatively rapidly, such as a clock time, a chip state, a register state, information received or detected by a sensor of the computing device (e.g., an accelerometer, optical sensor, temperature, humidity, and the like), location information from a Global Positioning System (GPS) device or a Wi-Fi signal, or any other source of data based on a dynamic aspect of the first computing device.

In some embodiments, dynamic aspects determined by the first computing device may include an image or video clip captured by a camera, a sound clip of ambient sounds captured by a microphone, an audio video clip captured by a camera and microphone, or any other information regarding the surroundings or ambient conditions of the first computing device. In some embodiments, dynamic aspects may be obtained from other sources that are random and frequently changing, such as external sensors and external sources of random information.

The second computing device may send an authentication query to a third computing device, which may function as an authentication server or certificate authority.

In some embodiments, the authentication query may include the transitory identity generated by the first computing device. In some embodiments, the authentication server may store the first computing device's transitory identity.

Based on the authentication query from the second computing device, the third computing device may send an authentication query to the first computing device. Responsive to the authentication query from the third computing device, the first computing device may send the first computing device's transitory identity to the third computing device. In some embodiments, the first computing device may generate a hash of the first computing device's transitory identity, and may send the generated hash of the first computing device's transitory identity to the third computing device.

In some embodiments, the third computing device may compare the first computing device's transitory identity received from the second computing device and the first computing device's transitory identity received from the first computing device. In response to determining that the two received transitory identities match, the third computing device may send an indication of authentication success of the first computing device to the second computing device. In response to determining that the two received transitory identities do not match, the third computing device may send an indication of first computing device authentication failure to the second computing device.

In some embodiments, the third computing device (e.g., the authentication server) may maintain an audit trail of successful and failed login attempts. In some embodiments, the audit trail may include metadata identifying, for example, a time of each attempt, identifiers of the first and second computing devices (and any other participating computing devices), a frequency of use, a frequency of authentication failures, and other details. The audit trail may be used for risk analysis, and may be displayed and/or accessible via a dashboard or other reporting mechanism. In various embodiments, any of the participating computing devices may keep an audit trail. In some embodiments, copies of transitory identities may be stored as part of the audit trail. Such stored transitory identities may not be used for authentication purposes, but may be used to identify participating computing devices, as well as to confirm the participation in a particular information transaction by a particular computing device. In some embodiments, the information stored in the audit trail may be used to identify, for example, a computing device that has been targeted for attack in some manner.
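The following sketch is an added illustration, not code from the application: it models the transitory identity as a SHA-256 hash (SHA2 family) over static plus dynamic information, and the third computing device's comparison with single use, a lifetime, and an audit trail as described in the paragraphs above. The class and function names, the 30-second lifetime, the injected clock, and the sample sensor strings are all assumptions constructed for the example.

```python
import hashlib
import hmac


def make_transitory_identity(static_info: bytes, dynamic_info: bytes) -> str:
    """Hash static + dynamic information into one transitory identity.

    Each part is length-prefixed so that (b"a", b"bc") and (b"ab", b"c")
    cannot collide by simple concatenation.
    """
    h = hashlib.sha256()
    for part in (static_info, dynamic_info):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.hexdigest()


class AuthServer:
    """Hypothetical stand-in for the third computing device."""

    def __init__(self, lifetime_s, clock):
        self._lifetime = lifetime_s
        self._clock = clock          # injected so the demo is deterministic
        self._current = {}           # device_id -> (identity, expires_at)
        self.audit = []              # (time, asker, subject, outcome)

    def register(self, device_id, identity):
        """A device deposits its freshly generated transitory identity."""
        self._current[device_id] = (identity, self._clock() + self._lifetime)

    def verify(self, asker, device_id, presented):
        """Compare the copy relayed by `asker` with the copy on file."""
        entry = self._current.pop(device_id, None)   # pop enforces single use
        if entry is None:
            outcome = "unknown-or-used"
        elif self._clock() >= entry[1]:
            outcome = "expired"
        elif hmac.compare_digest(entry[0], presented):
            outcome = "success"
        else:
            outcome = "mismatch"
        self.audit.append((self._clock(), asker, device_id, outcome))
        return outcome == "success"


def run_demo():
    now = [1000.0]                                   # constructed clock value
    server = AuthServer(lifetime_s=30.0, clock=lambda: now[0])
    static = b"device-2 static unit (constructed)"
    results = {}

    # Matching copies arrive over both paths: authentication succeeds once.
    tid = make_transitory_identity(static, b"clock=1000;accel=0.12")
    server.register("device-2", tid)
    results["genuine"] = server.verify("device-1", "device-2", tid)
    # The same identity presented again is refused (single use).
    results["replayed"] = server.verify("device-1", "device-2", tid)

    # An identity presented after its lifetime is refused.
    tid = make_transitory_identity(static, b"clock=1001;accel=0.40")
    server.register("device-2", tid)
    now[0] += 31.0
    results["expired"] = server.verify("device-1", "device-2", tid)

    # The copy relayed by device-1 differs from the copy on file.
    tid = make_transitory_identity(static, b"clock=1032;accel=0.07")
    server.register("device-2", tid)
    altered = make_transitory_identity(static, b"clock=1032;accel=0.08")
    results["mismatch"] = server.verify("device-1", "device-2", altered)

    results["audit"] = [entry[3] for entry in server.audit]
    return results


if __name__ == "__main__":
    print(run_demo())
```

The audit list records every outcome, so a run of `mismatch` or `unknown-or-used` entries for one device is the kind of signal the audit-trail paragraph describes for spotting a targeted device.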

Various embodiments provide a system that may authenticate the identity of the computing device in a communication system based on transitory and/or dynamic information of each computing device, in contrast to the current paradigm of shared secrets and static information. In various embodiments, a participating computing device may authenticate the identity of a second computing device using an ephemeral transitory identity that may be received from the second computing device and from a third computing device (e.g., an authentication server). The various embodiments stand in contrast to the current security paradigm, which is based on keeping secret a static unit of information, such as a static certificate. Because the transitory identity of each computing device is frequently changing, and each computing device is in periodic (or aperiodic) communication with other computing devices sending and/or receiving new transitory identities, various embodiments improve the function of any communication network or any electronic communication system by improving the security of communications. An adversary would be required to penetrate (at a minimum) three communication pathways—e.g., between the first and second computing devices, between the first and third computing devices, and between the second and third computing devices—simultaneously and synchronously in order to compromise communications between any two of the communication devices.

Various embodiments may be implemented using a variety of computing devices and/or communication networks or systems without requiring substantive changes or alterations of any presently-existing infrastructure. Various embodiments also improve the function of any communication network by reliably authenticating the identity of a participating computing device without relying on static identification information, such as a shared secret, that could be vulnerable to attack by access and/or copying.

In various embodiments, a computing device that is configured to perform the various methods may be de-authorized or blocked from accessing the system in the event of theft or cloning of the computing device.

Further details relevant to various embodiments are disclosed in U.S. Provisional Application No. 62/423,593 entitled “Systems and Methods for Multipath Authentication” filed Nov. 17, 2016, and U.S. patent application Ser. No. 15/395,336 filed Dec. 30, 2016, both of which are incorporated by reference herein in their entirety.

Various embodiments include systems and methods for multipath dynamic authentication for two or more computing devices. Various embodiments enhance and improve the verification of computing devices on a communication network by utilizing a dynamically changing shared information context. The information context may include, for example, a dynamically changing shared data set. In some embodiments, two computing devices may compile a shared data set over time, for example, by storing copies of transitory identities as described above. In some embodiments, the data set may be built up over time using any type of data files or data elements. In various embodiments, the two computing devices may include any two endpoint devices in a computing network, such as a user device, a network server, an authentication server, or another computing device. The shared data set may be compiled over time, and may be changed by a computing device occasionally, periodically, and/or upon the occurrence of a triggering event.

Changing or altering the shared data set may include reordering one or more portions of the data set, adding information to the data set, subtracting information from the data set, and/or transforming one or more portions of the shared data set.

The shared data set may include two or more portions. Each portion of the data set may include two or more elements. In some embodiments, a computing device may determine a relationship between two or more elements of a shared data set. The relationship between the two or more elements may include a comparative difference between the two or more elements, such as a time difference, a location difference, a positional difference, a color difference, a pitch difference, a frequency difference, or another difference. The relationship between the two or more elements may also include a comparative difference between each of the two or more elements and a third element, such as a relative time, location, position, color, pitch, frequency, or another difference.

In some embodiments, the shared data set may include a referential dynamic contextual database (RDCDB), which is a dynamically altered complex shared data set that may contain a plurality of files. In some embodiments, the plurality of files may include a plurality of image files. In various embodiments, the computing devices may use an agreed-upon method for altering the RDCDB so that the RDCDB changes over time in a manner that enables both computing devices to alter the RDCDB while maintaining an identical shared data set. In some embodiments, the method for altering the shared data set may be agreed to by the computing devices in advance. In some embodiments, the method for altering the shared data set may be agreed to dynamically by the computing devices (e.g., “on the fly”).

In some embodiments, one or more of the computing devices may generate and send to one or more other computing devices a rule set that may be used to authenticate each user device for secure communications. The rule set may identify selected elements from the shared data set. In some embodiments, the computing device may generate the rule set based on one or more relationships between or among the selected elements of the shared data set.

In some embodiments, one or more of the computing devices may generate and send to one or more other computing devices a rule set that may be used to authenticate each user device for secure communications. In some embodiments, a first computing device may select data from the shared data set. The selected data may include two or more elements from among one or more portions of the shared data set. The first computing device may determine one or more relationships between the selected data elements. The first computing device may send the rule set to the second computing device. The rule set may identify selected elements from the shared data set. In some embodiments, the computing device may generate the rule set based on one or more relationships between or among the selected elements of the shared data set.

As one example, a shared data set may include two or more image files, and each image file may include numerous pixels (picture elements). Each image file may be associated with additional data, such as a time stamp or other time information, location information and/or geolocation information where the image was obtained, weather information, and the like. Each pixel may be associated with a large number of information elements, such as a coordinate location in an image, color, intensity, luminosity, and the like. Each pixel may also be associated with the information of its respective image file. Thus, each pixel may be associated with a large number of information elements, which may be considered variables. In some embodiments, the rule set may include information identifying one or more pixels of the shared data set. In some embodiments, the rule set may include information identifying one pixel of the shared data set, and relationship information that enables the identification of one or more other pixels using the identified first pixel and the relationship information.

However, the shared data set is not limited to image files, and a shared data set may be generated or compiled using data that may include identifiable data elements, and/or in which relationships between or among two or more data elements may be determined. Examples of such data include video files, audio files, biometric samples, location data (e.g., Global Positioning Satellite system data), and the like.

In some embodiments, the first computing device may generate a result using information in the selected elements of the shared data set. In some embodiments, the generated result may include a string of data. In some embodiments, the generated result may include a value based on the information in the selected elements of the shared data set. In some embodiments, the first computing device may perform a transform of the information of the selected elements, such as generating a hash of values of the information. In some embodiments, the first computing device may generate a data string based on the information of the selected elements and may perform a transform (e.g., generate a hash) of the information of the selected elements to generate the first result.

In various embodiments, a second computing device having the shared data set may receive the rule set from the first computing device, and use the rule set and the shared data set to extract the data elements from the shared data set. For example, the second computing device may apply the rule set to its stored version of the RDCDB to identify the pixels (for example) and their associated location, order in the data set, numerical values for color, density, etc. The second computing device may create a data string from the application of the rule set. In some embodiments, the generated result may include a string of data. In some embodiments, the generated result may include a value based on the information in the selected elements of the shared data set. In some embodiments, the second computing device may perform a transform of the information of the selected elements, such as generating a hash of values of the information. In some embodiments, the second computing device may generate a data string based on the information of or within the selected elements and may perform a transform (e.g., generate a hash) of the data string to generate the second result. The second computing device may send the generated second result to the first computing device.

In some embodiments, the first computing device may receive the second result generated by the second computing device, and may compare the first result (generated by the first computing device) and the second result (generated by and received from the second computing device) to determine whether the results match. In response to determining that the results match, the first computing device may determine that the second computing device is authenticated. Having authenticated the first computing device, the second computing device may begin a data exchange session (e.g., an information transaction).
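As an added example (not code from the application), the sketch below walks through the rule-set exchange described above using the image-pixel case: the first device picks an anchor pixel plus relative offsets, the second device applies that rule set to its own copy, and the two SHA-256 results are compared. The data layout, JSON rule-set format, function names, and the pixel transform used as the agreed alteration are assumptions, and the tiny images are constructed sample data.

```python
import hashlib
import hmac
import json
import secrets


def build_dataset():
    """Constructed sample: two 8x8 'images' of RGB pixels with time stamps."""
    def image(seed, w=8, h=8):
        return [[((x * 7 + seed) % 256, (y * 13 + seed) % 256,
                  (x * y + seed) % 256) for x in range(w)] for y in range(h)]
    return {"img-a": {"timestamp": 1700000000, "pixels": image(3)},
            "img-b": {"timestamp": 1700000600, "pixels": image(91)}}


def make_rule_set(dataset, count=4):
    """First device: choose one anchor pixel and offsets to other pixels."""
    image_id = secrets.choice(sorted(dataset))
    px = dataset[image_id]["pixels"]
    h, w = len(px), len(px[0])
    ax, ay = secrets.randbelow(w), secrets.randbelow(h)
    offsets = [[secrets.randbelow(w) - ax, secrets.randbelow(h) - ay]
               for _ in range(count)]
    return {"image": image_id, "anchor": [ax, ay], "offsets": offsets}


def extract(dataset, rule_set):
    """Apply a received rule set. It is untrusted input, so validate it:
    a negative index would silently wrap around in Python."""
    entry = dataset.get(rule_set.get("image"))
    if entry is None:
        raise ValueError("rule set names an image not in the shared data set")
    points = [rule_set["anchor"]] + list(rule_set["offsets"])
    if not all(isinstance(p, list) and len(p) == 2 and
               all(type(v) is int for v in p) for p in points):
        raise ValueError("malformed rule set")
    px = entry["pixels"]
    h, w = len(px), len(px[0])
    ax, ay = points[0]
    elements = []
    for dx, dy in [[0, 0]] + points[1:]:
        x, y = ax + dx, ay + dy
        if not (0 <= x < w and 0 <= y < h):
            raise ValueError("rule set points outside the image")
        elements.append({"x": x, "y": y, "rgb": list(px[y][x]),
                         "timestamp": entry["timestamp"]})
    return elements


def result_for(dataset, rule_set):
    """Build the data string from the extracted elements and hash it."""
    data_string = json.dumps(extract(dataset, rule_set),
                             sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(data_string.encode()).hexdigest()


def alter(dataset):
    """Assumed agreed alteration: transform the red value of every pixel."""
    return {k: {"timestamp": v["timestamp"],
                "pixels": [[((r + 1) % 256, g, b) for (r, g, b) in row]
                           for row in v["pixels"]]}
            for k, v in dataset.items()}


def authenticate(first_copy, second_copy):
    """First device's view: does the second device hold the same data set?"""
    rule_set = make_rule_set(first_copy)
    first_result = result_for(first_copy, rule_set)
    try:
        second_result = result_for(second_copy, rule_set)
    except ValueError:
        return False
    return hmac.compare_digest(first_result, second_result)


if __name__ == "__main__":
    current = alter(build_dataset())
    print("in sync:", authenticate(current, alter(build_dataset())))
    print("stale copy:", authenticate(current, build_dataset()))
```

A device holding a copy from before the alteration produces a different result for any rule set, which is the property the scheme relies on when a copy of the data set is acquired by someone else.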

In some embodiments, the second computing device may use the same or a different shared data set to provide the first computing device with information that enables the first computing device to authenticate the second computing device. For example, the second computing device may send a rule set and a result to the first computing device that enables the first computing device to obtain a result from the shared data set and compare the obtained and received results to authenticate the second computing device in a similar manner.

In various embodiments, each computing device may independently authenticate each other computing device. Since the shared data set (e.g., the RDCDB) is constantly changing, an adversary that acquires any particular copy will most likely be unable to use the acquired data set before the computing devices alter the shared data set. Even an adversary with persistent presence in one or more of the computing devices would have to be present simultaneously within each participating computing device to defeat the authentication. In various embodiments, unless each computing device independently and mutually authenticates the other computing device(s), one or more of the computing devices may determine that another computing device is not authenticated, and may prevent further communication with the un-authenticated computing device.

In various embodiments, three or more computing devices may establish a group communication session. In some embodiments, each computing device may independently authenticate each other computing device in the group communication session. In some embodiments, in order to join the group communication session, a computing device may be required to be authenticated by each other computing device in the group communication session. In some embodiments, in order to establish the group communication session, each computing device may be required to independently authenticate each other computing device in the group communication session.

Various embodiments may be implemented within a variety of communication systems 150, an example of which is illustrated in FIG. 1A. The communication system 150 may include a variety of entities that may communicate using a communication network, such as an IoT network 154, a law firm 156, a defense contractor 158, a subcontractor 160, a bank 162, a health care entity 164, an online commerce entity 166, and a telecom entity 168. Each of the entities 154-168 may communicate with and among each other. Each of the entities 154-168 may also communicate with a certificate authority 152. The certificate authority 152 may include one or more computing devices configured to perform operations to enable the authentication of a computing device, as further described below. The entities 154-168 are merely exemplary, and the communication network 150 may include a wide variety of entities, including entities that may handle health care records, secure communications (e.g., for a business or government agency), public records, voting systems, financial services, security brokerage systems, IoT communications, commercial transactions, and a wide range of other contexts.

Various embodiments may be implemented within a variety of communication systems 100, an example of which is illustrated in FIG. 1B. With reference to FIGS. 1A and 1B, the elements of communication system 100 may be used in any of the entities 154-168. The communication system 100 may include computing devices 102, 104, 106, and 108. In some embodiments, the computing devices 102 and 104 may include a computing device used directly by a user, such as a smart phone, a laptop computer, a desktop computer, and the like. It will be understood that a user may operate more than one such computing device similar to the computing devices 102 and 104. In some embodiments, the computing devices 102 and 104 may include one or more IoT devices. Non-limiting examples of IoT devices include personal or mobile multi-media players, gaming systems and controllers, smart televisions, set top boxes, smart kitchen appliances, smart lights and lighting systems, smart electricity meters, smart heating, ventilation, and air conditioning (HVAC) systems, smart thermostats, building security systems including door and window locks, vehicular entertainment systems, vehicular diagnostic and monitoring systems, machine-to-machine devices, and similar devices that include a programmable processor and memory and circuitry for establishing wireless communication pathways and transmitting/receiving data via wireless communication pathways. The computing devices 102 and 104 may also include an unmanned, autonomous, semiautonomous, or robotic vehicle capable of travel on land, sea, air, or in space. The computing devices 102 and 104 may further include a smart firearm or another processor-equipped weapon or weapon system.

In some embodiments, the computing devices 106 and 108 may include a back-end computing device such as a server. In some embodiments, the computing device 108 may communicate with an electronic security system 114 over a communication link 130. In some embodiments, the computing devices 106 and 108 (and possibly the computing device 114) may be operated by one entity. For example, a health care entity 164 or a telecom entity 168 may operate one or more of the computing devices 106, 108, and/or 114. In some embodiments, the computing devices 106, 108, and 114 may be operated by more than one entity.

Each of the computing devices 102, 104, 106, and 108, and the electronic security system 114 may communicate with a communication network 112 over a respective communication link 120, 122, 124, 126, 128, and 130. In some embodiments, the communication network 112 may include two or more communication networks. The communication links 120, 122, 124, 126, 128, and 130 may include wired or wireless communication links, and may further include additional devices to facilitate communication between the computing devices 102, 104, 106, and 108, the electronic security system 114, and the communication network 112. Examples of such additional devices may include access points, base stations, routers, gateways, wired and/or wireless communication devices, as well as backhaul communication links that may include fiber optic backhaul links, microwave backhaul links, and other suitable communication links.

In some embodiments, the computing devices 102, 104, 106, and 108, and the electronic security system 114 may be part of a secure network, such as an internal enterprise network, a government agency secure network, a virtual private network (VPN), or another similar network environment. In such a secure network, the communication links 120, 122, 124, 126, 128, and 130 may include additional security, such as encryption at one or more layers (i.e., Open Systems Interconnection (OSI) layers), and other implementations to secure communications along the communication links 120, 122, 124, 126, 128, and 130.

In some embodiments, the computing device 106 may be configured to perform operations related to information transactions in a variety of contexts, including, without limitation, health care record management, secure communications, public records management systems, voting systems, financial services systems, security brokerage systems, as an IoT device controller, to perform a commercial transaction, as well as other contexts. In some embodiments, the computing device 108 may be configured to perform operations related to generating and/or obtaining transitory identities, and authentication of a computing device such as one or more of the computing devices 102, 104, and 106, as further described below.

In some embodiments, the electronic security system 114 may be configured to perform network monitoring or network security functions, such as a network monitoring system, a key logging system, or another similar system. In some embodiments, electronic security system 114 may detect an unauthorized user or electronic intruder using or accessing the communication network 112, and may send an indication to the computing device 108 of the detection of the unauthorized user or electronic intruder. In some embodiments, the electronic security system 114 may be configured to monitor for and/or detect unauthorized accesses of a system, memory, network element, or component of a network element from an otherwise authorized user (e.g., an “insider” threat). In some embodiments, the electronic security system 114 may be configured to receive a command or an indication that a computing device should be de-authorized from access to the communication system. For example, the electronic security system 114 may be a component or an element of a network authorization system, or a human resources system, or a system that provides a list of authorized users of the communication system, or another similar system. In such embodiments, the electronic security system 114 may receive a command or another message indicating that an authorization of a computing device should be removed or blocked. In some embodiments, in response to receiving an indication that an unauthorized user or electronic intruder has been detected, that a computing device authorization should be removed or blocked, or another similar indication, the computing device 108 may send an instruction to one or more of the computing devices 102, 104, and 106 to obtain a new transitory identity, as further described below.

The communication network 112 may include a variety of communication networks, including communication networks within an entity or enterprise, and external communication networks, publicly available communication networks, and combinations of networks as well as internetworks, including the internet. The communication network 112 may support communications using one or more wired and wireless communication protocols. Each of the communication links 120, 122, 124, and 126 may be two-way wired or wireless communication links.

Wireless communication protocols may include one or more radio access technologies (RATs). Examples of wireless RATs include 3GPP Long Term Evolution (LTE), Worldwide Interoperability for Microwave Access (WiMAX), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Wideband CDMA (WCDMA), Global System for Mobility (GSM), and other RATs. Examples of RATs may also include Wi-Fi, Bluetooth, Zigbee, LTE in Unlicensed spectrum (LTE-U), License Assisted Access (LAA), and MuLTEfire (a system that uses LTE on an unlicensed carrier band). Wired communication protocols may use a variety of wired networks (e.g., Ethernet, TV cable, telephony, fiber optic and other forms of physical network connections) that may use one or more wired communication protocols, such as Ethernet, Point-To-Point protocol, High-Level Data Link Control (HDLC), Advanced Data Communication Control Protocol (ADCCP), and Transmission Control Protocol/Internet Protocol (TCP/IP).

While the communication links 120, 122, and 124 are illustrated as single links, each of the communication links may include a plurality of wired or wireless links, such as a plurality of frequencies or frequency bands, each of which may include a plurality of logical channels. Additionally, each of the various communication links 120, 122, and 124 may utilize more than one communication protocol.

The computing device 108 may communicate with a data store 110, such as a memory device, database, server device, or another device capable of storing data. In some implementations, the data store 110 may store an audit trail and associated metadata.

The computing device 108 may receive data inputs 140 over time. The data inputs 140 may include information that the computing device 108 may use to generate a data set that can be shared with another computing device (e.g., the computing devices 102, 104, and 106). The data inputs 140 may include, for example, images, photographs, video, sound recordings (e.g., music, ambient sound recordings, or another such recording), biometric information inputs (e.g., facial recognition scans, iris scans, DNA samples, voiceprint recordings, fingerprints, and the like), or any other such data input.

Various embodiments may be implemented within a variety of communication systems 180, an example of which is illustrated in FIG. 1C. With reference to FIGS. 1A-1C, the elements of communication system 150 may be used in any of the entities 154-168. The communication system 180 may include computing devices 184, 186, 188, 190, 192, 194, and 196. The computing devices 190-196 may include network elements, such as file servers, databases, or other similar network-accessible data sources. The computing devices 184 and 186 may include any form of user-operable network terminal, and may be similar to the computing devices 102 and 104. The computing devices 186-196 may be elements in a communication network 182, access to which may be protected by a device configured to protect electronic access to the communication network 182, such as a firewall 198.

Conventional communication security implementations, such as the firewall 198, may protect the network 182 against attacks or exploitation by an external device, such as the computing device 184. However, the firewall 198 may not protect the network 182 against attacks or exploitation from a device that is inside the firewall 198, such as the computing device 186.

Various embodiments may include the computing device 188 (which may be similar to the third computing device 108), which may be configured to perform operations related to generating and/or obtaining transitory identities, and authentication of an identity of a computing device such as one or more of the computing devices 184, 186, 190, 192, 194, and 196.

In various embodiments, while the firewall 198 may be employed to perform network operations such as traffic monitoring, gateway functions, routing, and other similar functions, the firewall 198 may not perform a security function or an authentication function of devices such as the computing devices 184 and 186. Rather, in the communication system 180, the computing devices 184 and 186 may communicate with the computing device 188 and/or with each other, enabling authentication of an identity of each of the computing devices 184 and 186, as well as, in some embodiments, an identity of the computing device 188. Similarly, while the communication system 180 may use inputs received at the computing device 184 or 186, such as a username and password, to identify a purported user or as a pointer to a user account, the communication system 180 may not use credentials such as a username and password for security purposes or for authentication purposes. Rather, the communication system 180 may authenticate the identity of the computing devices 184 and 186 based on transitory and/or dynamic information of each computing device, as further described below.

FIG. 2 is a component block diagram of a computing device 200 suitable for implementing various embodiments. With reference to FIGS. 1 and 2, in various embodiments, the computing device 200 may be similar to the computing devices 102, 104, 106, and 108.

The computing device 200 may include a processor 202. The processor 202 may be a processor configurable with processor-executable instructions to execute operations of the various embodiments, a specialized processor, such as a modem processor, configurable with processor-executable instructions to execute operations of the various embodiments in addition to a primary function, a dedicated hardware (i.e., “firmware”) circuit configured to perform operations of the various embodiments, or a combination of dedicated hardware/firmware and a programmable processor.

The processor 202 may be coupled to memory 204, which may be a non-transitory computer-readable storage medium that stores processor-executable instructions. The memory 204 may store an operating system, as well as user application software and executable instructions. The memory 204 may also store application data, such as an array data structure. The memory 204 may include one or more caches, read only memory (ROM), random access memory (RAM), electrically erasable programmable ROM (EEPROM), static RAM (SRAM), dynamic RAM (DRAM), or other types of memory. The processor 202 may read and write information to and from the memory 204. The memory 204 may also store instructions associated with one or more protocol stacks. A protocol stack generally includes computer executable instructions to enable communication using a radio access protocol or communication protocol.

The processor 202 may also communicate with a variety of modules or units configured to perform a variety of operations, as further described below. For example, the processor 202 may communicate with a communication interface 206, an authentication module 208, a hashing module 210, a transitory identity module 212, a hash storage module 214, and a transaction module 216. The modules/units 206-216 may be implemented on the computing device 200 in software, in hardware, or in a combination of hardware and software, for example as firmware, a chip, a system-on-a-chip (SOC), a dedicated hardware (i.e., “firmware”) circuit configured to perform operations of the various embodiments, or a combination of dedicated hardware/firmware and a programmable processor. The processor 202, the memory 204, and the various modules/units 206-216 may communicate over a communication bus or any other communication circuitry or interface.

The communication interface 206 may include a network interface that may enable communications with a communication network (e.g., the communication network 112). The communication interface 206 may include one or more input/output (I/O) ports through which a connection, such as an Ethernet connection, a fiber optic connection, a broadband cable connection, a telephone line connection, or other types of wired communication connection may be provided. The communication interface 206 may also include a radio unit that may enable radio frequency communication.

The authentication module 208 may provide or be in communication with one or more input devices to receive an input from a user for login to the computing device 200. The input devices may include one or more buttons, sliders, touchpads, keyboards, biometric input devices, cameras, fingerprint readers, and other similar input devices.

The transitory identity module 212 may generate a transitory identity for the computing device 200. The transitory identity may be based on one or more dynamic aspects of the computing device 200, individually or in combination with other dynamic or static information. The dynamic aspects of the computing device 200 may include aspects of the first computing device that change relatively rapidly, such as a clock time, a chip state, a register state, or any other source of data based on a dynamic aspect of the first computing device.

The hashing module 210 may generate a hash of a transitory identity that is generated by the transitory identity module 212. The hash storage module 214 may include a memory device, or may communicate with the memory 204, to store a transitory identity generated by the transitory identity module 212 and/or a hash of a transitory identity generated by the hashing module 210.

The transaction module 216 may enable communication related to a transaction (as well as other communications) with another computing device (for example, between the computing device 102 and the computing device 106). In some implementations, the transaction module 216 may include hardware and/or software configured to provide a streamlined communication and/or transaction process with the transaction server. In some implementations, the transaction module may include hardware and/or software configured to provide a streamlined communication related to a specific service provider, such as a so-called “1-click” service or another streamlined communication/transaction process.

FIGS. 3A and 3B illustrate a system method 300 of authenticating a first computing device (e.g., the computing device 102, 104, 184, 186, and 200 of FIGS. 1B-2) to a second computing device (e.g., the computing device 106, 190-196, and 200 of FIGS. 1B-2), and vice versa, through interactions with a third computing device (e.g., 108, 188, and 200 of FIGS. 1B-2) according to some embodiments. FIG. 3C illustrates a method 300 a of operations executed by the first computing device as part of the method 300. FIG. 3D illustrates a method 300 b of operations executed by the second computing device as part of the method 300. FIG. 3E illustrates a method 300 c of operations executed by the third computing device as part of the method 300. With reference to FIGS. 1A-3E, the method 300 may be implemented by a processor (e.g., the processor 202 and/or the like) of a first computing device (i.e., a device processor), a processor of a second computing device, and a processor of a third computing device.

In various embodiments, prior to or as part of the method 300, a first computing device (e.g., the computing device 102 or 104) and a second computing device (e.g., the computing device 106) may establish accounts with a third computing device (e.g., the computing device 108), which may, in some embodiments, function as an authentication server. In various embodiments, the first computing device and the second computing device may be configured with (e.g., initialize, configure, install, etc.) one or more modules enabling each computing device to perform the operations of the method 300 (e.g., the modules 206-216).

In some embodiments, establishing an account with the third computing device may include determining and/or negotiating a communication path between the third computing device and the first/second computing device. In some embodiments, each of the first and second computing devices may negotiate or determine a communication path with the third computing device that differs in one or more aspects. For example, each computing device pair may use a different encryption method or protocol, communication protocol or application (e.g., hypertext markup language (HTML), short message service (SMS) text message), and the like. In various embodiments, a user may establish a plurality of accounts with a plurality of authentication servers without limitation.

Various embodiments may provide a defense against the penetration and compromise of communications between any two of the first computing device, the second computing device, and the third computing device. For example, an attacker performing a man-in-the-middle (MITM) attack may secretly relay communications between two network devices, and may monitor and/or alter those communications. Various embodiments would require an attacker to compromise three communication pathways nearly simultaneously: a first communication pathway between the first computing device and the second computing device, a second communication pathway between the second computing device and the third computing device, and a third communication pathway between the third computing device and the first computing device. Because the transitory identities are dynamic and frequently changed, an attacker would have to steal or intercept, and decrypt extremely rapidly, transitory identities sent using the three communication pathways. This potential vulnerability is defeated by the short validity duration of the different authentication information exchanged between the three computing devices over the three separate communication pathways.

In block 302 of the method 300 and 300 a, a processor of a first computing device (e.g., the computing device 102 or 104) may obtain a first transitory identity. In some embodiments, the processor of the first computing device may obtain the first transitory identity by generating the first transitory identity (e.g., operation 302 a). In some embodiments, the processor of the first computing device may obtain a generated first transitory identity from a third computing device (e.g., the computing device 108) (e.g., operation 302 b). In some embodiments, the processor of the third computing device may push the generated first transitory identity to the first computing device (e.g., the third computing device may send the generated transitory identity to the first computing device without a request from the first computing device). In some embodiments, the processor of the first computing device may pull the first transitory identity from the third computing device. For example, the first computing device may send a request for the transitory identity to the third computing device, and the third computing device may send the transitory identity to the first computing device in response to the request.

In block 304 of the method 300 and 300 b, a processor of the second computing device (e.g., the computing device 106) may generate a second transitory identity (e.g., operation 304 a). In some embodiments, the processor of the second computing device may obtain the first transitory identity by generating the second transitory identity. In some embodiments, the processor of the second computing device may obtain a second transitory identity from the third computing device (e.g., operation 304 b). In some embodiments, the processor of the third computing device may push the second transitory identity to the second computing device. In some embodiments, the processor of the second computing device may pull the generated second transitory identity from the third computing device.

In optional block 306 of the method 300 and 300 c, a processor of the third computing device (e.g., the computing device 108) may generate a third transitory identity.

In block 308 of the method 300 and 300 a, the processor of the first computing device may send the first transitory identity to the second computing device and the third computing device. The transmission of the first transitory identity to the second computing device may be via any open communication link, such as a communication link that is in the process of being established between the first computing device and the second computing device. In some embodiments, the communication may be encrypted, and thus the transmission may be accomplished after an initial encryption key has been exchanged. In some embodiments, the communication link may be open (i.e., not encrypted) so that the computing devices can authenticate one another via various embodiments before exchanging encryption keys. The transmission of the first transitory identity to the third computing device may be via another communication link, which may be encrypted or not encrypted. In some embodiments, this transmission may be via a public network, such as the Internet. In some embodiments, this transmission may be via a private or dedicated communication link.

In block 310 of the method 300 and 300 b, the processor of the second computing device may send the second transitory identity to the first computing device and the third computing device. The transmission of the second transitory identity to the first computing device may be via any open communication link, such as the communication link that is in the process of being established between the first computing device and the second computing device by which the second computing device receives the first transitory identity. In some embodiments, the communication may be encrypted, and thus the transmission may be accomplished after an initial encryption key has been exchanged. In some embodiments, the communication link may be open (i.e., not encrypted) so that the computing devices can authenticate one another via various embodiments before exchanging encryption keys. The transmission of the second transitory identity to the third computing device may be via another communication link, which may be encrypted or not encrypted. In some embodiments, this transmission may be via a public network, such as the Internet. In some embodiments, this transmission may be via a private or dedicated communication link.

In optional block 312 of the method 300 and 300 c, the processor of the third computing device may send the third transitory identity to the first computing device and the second computing device. The transmission of the third transitory identity to the first and second computing devices may be via the same communication links by which the third computing device received the first and second transitory identities. Such communication links may be encrypted or not encrypted. In some embodiments, this transmission may be via a public network, such as the Internet. In some embodiments, this transmission may be via a private or dedicated communication link.

In block 314 of the method 300 and 300 a, the processor of the first computing device may send an authentication query including the second transitory identity to the third computing device. In some embodiments, the first computing device may send the authentication query automatically, such as in the background. In some embodiments, the first computing device may send the authentication query in response to a command. In some embodiments, the authentication request may include a small unit of information that may be stored at the first computing device, such as text, an image, biometric information, or other readily personalizable information. In some embodiments, the first computing device may include the small unit of information in or with the authentication request.

In block 316 of the method 300 and 300 b, the processor of the second computing device may send an authentication query including the first transitory identity to the third computing device.

In determination block 318 of the method 300 and 300 c, the processor of the third computing device may determine whether the second transitory identity from the first computing device matches the second transitory identity from the second computing device. In some embodiments, the third computing device may perform this operation by a direct comparison of the two received transitory identities (e.g., a subtraction and check for remainder). In some embodiments, the third computing device may perform this operation by performing a hash function on one or both of the received transitory identities and determining whether the two match by comparing the results of the hash function(s).

In response to determining that the second transitory identity from the first computing device does not match the second transitory identity from the second computing device (i.e., determination block 318=“No”), the processor of the third computing device may send an indication of authentication failure of the second computing device to the first computing device and/or the second computing device in block 322.

In response to determining that the second transitory identity from the first computing device matches the second transitory identity from the second computing device (i.e., determination block 318=“Yes”), the processor of the third computing device may send an indication of authentication success of the second computing device to the first computing device and/or the second computing device in block 326.

In determination block 320 of the method 300 and 300 c, the processor of the third computing device may determine whether the first transitory identity from the second computing device matches the first transitory identity from the first computing device.

In response to determining that the first transitory identity from the second computing device does not match the first transitory identity from the first computing device (i.e., determination block 320=“No”), the processor of the third computing device may send an indication of authentication failure of the first computing device to the first computing device and/or the second computing device in block 324.

In response to determining that the first transitory identity from the second computing device matches the first transitory identity from the first computing device (i.e., determination block 320=“Yes”), the processor of the third computing device may send an indication of authentication success of the second computing device to the first computing device and/or the second computing device in block 328.

In some implementations, the indications of authentication failure or authentication success may include a very short message or data structure, and in some implementations, the indication may include a single bit, such as a 0 or a 1, indicating authentication failure or authentication success, respectively.

Following the operations of blocks 326 and/or 328 of the methods 300 and 300 c, the processor of the third computing device may send an instruction to the first computing device and the second computing device to obtain new transitory identities in block 330. In some embodiments, the instruction may include an instruction to generate a new transitory identity at the first and second computing devices, respectively. In some embodiments, the instruction may include an instruction to each of the first and second computing devices respectively to obtain a new transitory identity from the third computing device. In some embodiments, the third computing device may generate and send a new transitory identity for each of the first and second computing devices without a request from either the first or second computing device.

The processors of the first, second, and third computing devices may then perform the operations of blocks 302, 304, and 306 of the methods 300, 300 a, 300 b and 300 c, respectively. The first, second, and third computing devices may at intervals repeat the operations of the methods 300, 300 a, 300 b and 300 c to perform background authentication of the other computing devices from time to time. In some embodiments, the processors of the first, second, and third computing devices may repeat the operations of the methods 300, 300 a, 300 b and 300 c from time to time with or without an instruction or other message from another of the first, second, and third computing devices. By using a dynamic system of device authentication, the methods 300, 300 a, 300 b and 300 c substantially reduce the possibility that any of the transitory identities may be intercepted and used to impersonate one of the computing devices.

In some embodiments, the third computing device may perform the operations of block 330 of the method 300 c in the event of an authentication failure of the first computing device and/or the second computing device 332. For example, the third computing device may respond to an authentication failure of a computing device as an indication of a compromise or an attempted compromise of a participating computing device, or of the system. In various embodiments, as a response to a possible breach or an actual breach of a system's communications, the third computing device may instruct all participating computing devices to obtain new transitory identities. Because only computing devices that are configured to participate in the system may be able to obtain a new transitory identity, computing devices that are not so configured—such as cyber intruders and other adversaries—may be unable to obtain a new transitory identity, and will be effectively blocked from further communication using the system.

In some embodiments, the processors of the first, second, and third computing devices may repeat their respective operations at a frequency that is less than a determined time required for an attacker to obtain and use the first and/or second transitory identities. For example, in some embodiments, the duration of the first, second, and/or third transitory identities (the “validity durations”) may be set to be shorter than the time required by an attacker to obtain and exploit one or more of the transitory identities. In some embodiments, the processor of the first and/or second third computing devices may obtain a new transitory identity in response to determining that the validity duration of the respective first and/or second transitory identity has expired. In some embodiments, the processor of the third computing device may generate a new transitory identity for the first, second, and/or third computing devices in response to determining that the validity duration of the respective first and/or second transitory identity has expired.

FIG. 3C illustrates a method 300 a of operations executed by the first computing device as part of the method 300. With reference to FIGS. 1A-3E, the method 300 a may be implemented by a processor (e.g., the processor 202 and/or the like). In blocks 302, 308, and 314, the processor of the first computing device may perform operations of like-numbered blocks of the method 300.

In determination block 333, the processor of the first computing device may determine whether an indication of authentication success or an indication of authentication failure is or has been received from the third computing device. In some optional embodiments, the processor may also determine whether no indication is received from the third computing device.

In response to determining that an indication of authentication failure is or has been received (i.e., determination block 333=“Failure”), or optionally that no indication has been received (determination block 333=“No indication”), the processor of the first computing device may store an indication of the authentication failure in block 334.

In block 336, the processor of the first computing device may perform a security action. For example, the processor of the first computing device may stop performing the information transaction with the second computing device. The processor of the first computing device may also block further communication with the second computing device.

In response to determining that an indication of authentication success is or has been received (i.e., determination block 333=“Success”), the processor of the first computing device may store an indication of the authentication success in block 338.

In block 340, the processor of the first computing device may conduct the information transaction with the second computing device. The processor of the first computing device may then obtain a new transitory identity in block 302. For example, the processor of the first computing device may determine that a validity duration of the transitory identity has expired, and in response to determining that the validity duration of the transitory identity has expired the processor of the first computing device may obtain a new transitory identity in block 302.

In optional block 342, the processor of the first computing device may receive an instruction from the third computing device to obtain a new transitory identity. The processor of the first computing device may then perform the operations of block 302.

FIG. 3D illustrates a method 300 b of operations executed by the second computing device as part of the method 300. With reference to FIGS. 1A-3E, the method 300 b may be implemented by a processor (e.g., the processor 202 and/or the like). In blocks 304, 310, and 316, the processor of the second computing device may perform operations of like-numbered blocks of the method 300.

In determination block 344, the processor of the second computing device may determine whether an indication of authentication success or an indication of authentication failure is or has been received from the third computing device. In some optional embodiments, the processor may also determine whether no indication is received from the third computing device.

In response to determining that an indication of authentication failure is or has been received (i.e., determination block 344=“Authentication failure”), or optionally that no indication has been received (determination block 344=“No indication”), the processor of the second computing device may store an indication of the authentication failure in block 346.

In block 348, the processor of the second computing device may perform a security action. For example, the processor of the second computing device may stop performing the information transaction with the first computing device. The processor of the second computing device may also block further communication with the first computing device.

In response to determining that the processor receives an indication of authentication success (i.e., determination block 344=“Authentication success”), the processor of the second computing device may store an indication of the authentication success in block 350.

In block 352, the processor of the second computing device may conduct the information transaction with the first computing device.

The processor of the second computing device may then obtain a new transitory identity in block 304. For example, the processor of the second computing device may determine that a validity duration of the second transitory identity has expired, and in response to determining that the validity duration of the second transitory identity has expired the processor of the second computing device may obtain a new transitory identity in block 304.

In optional block 354, the processor of the second computing device may receive an instruction from the third computing device to obtain a new transitory identity. The processor of the second computing device may then perform the operations of block 304.

FIG. 3E illustrates a method 300 c of operations executed by the third computing device as part of the method 300. With reference to FIGS. 1A-3E, the method 300 c may be implemented by a processor (e.g., the processor 202 and/or the like). In blocks 306-330 the device processor of the third computing device may perform operations of like-numbered blocks of the method 300.

In block 360, the processor of the third computing device may receive an authentication query from the first computing device. In determination block 318, the processor of the third computing device may determine whether the second transitory identity from the first computing device matches the second transitory identity from the second computing device, as described above.

In block 362, the processor of the third computing device may receive an authentication query from the second computing device. In determination block 320, the processor of the third computing device may determine whether the first transitory identity from the second computing device matches the first transitory identity from the first computing device, as described above.
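The exchange of blocks 302-330 can be traced in a short simulation. The following Python sketch is an added example, not code from the patent: the class and function names, the SHA-256 identity derivation, and the constructed tamper, expiry and replay cases are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class TransitoryIdentity:
    value: bytes        # opaque identity bytes
    expires_at: float   # end of the validity duration, in seconds


def new_identity(now, validity):
    """Blocks 302/304. Assumption: clock time mixed with OS randomness."""
    seed = repr(now).encode() + os.urandom(16)
    return TransitoryIdentity(hashlib.sha256(seed).digest(), now + validity)


class ThirdDevice:
    """Hypothetical stand-in for the third computing device (authentication server)."""

    def __init__(self):
        self.reported = {}  # device name -> identity reported by its owner

    def receive_identity(self, owner, tid):
        # Blocks 308/310: the identity arrives directly from its owner.
        self.reported[owner] = tid

    def authentication_query(self, subject, relayed, now):
        """Blocks 318/320: compare the copy a peer received with the copy
        the subject itself reported to the third device."""
        tid = self.reported.get(subject)
        if tid is None or now >= tid.expires_at:
            return False  # unknown device, or validity duration expired
        # Hash both copies, then compare the digests in constant time.
        return hmac.compare_digest(
            hashlib.sha256(relayed).digest(),
            hashlib.sha256(tid.value).digest(),
        )


def run_exchange(now, validity=2.0, tamper=None, query_delay=0.0):
    """One pass through blocks 302-328. `tamper` models an altered relay on
    the first<->second link; `query_delay` models a late authentication query."""
    server = ThirdDevice()
    tid1 = new_identity(now, validity)
    tid2 = new_identity(now, validity)
    # Each device reports its own identity to the third device ...
    server.receive_identity("first", tid1)
    server.receive_identity("second", tid2)
    # ... and sends it to its peer over the separate device-to-device link.
    relay = tamper or (lambda b: b)
    seen_by_second = relay(tid1.value)
    seen_by_first = relay(tid2.value)
    # Blocks 314/316: each device asks the third device about its peer.
    t_query = now + query_delay
    return {
        "second_authenticated": server.authentication_query("second", seen_by_first, t_query),
        "first_authenticated": server.authentication_query("first", seen_by_second, t_query),
    }


def replay_after_rotation(now, validity=2.0):
    """Block 330: after the second device obtains a new identity, a copy
    of the old one captured earlier no longer matches."""
    server = ThirdDevice()
    old = new_identity(now, validity)
    server.receive_identity("second", old)
    captured = old.value
    server.receive_identity("second", new_identity(now + 0.5, validity))
    return server.authentication_query("second", captured, now + 1.0)


if __name__ == "__main__":
    print(run_exchange(1000.0))
    print(run_exchange(1000.0, query_delay=5.0))
    print(replay_after_rotation(1000.0))
```

The three failing cases (altered relay, expired validity duration, stale identity after rotation) correspond to the conditions under which the third device would send the failure indications of blocks 322 and 324.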

FIG. 4 illustrates a method 400 of dynamically altering a shared data set according to some embodiments. With reference to FIGS. 1A-4, the method 400 may be implemented by a processor (e.g., the processor 202 and/or the like) of a computing device (e.g., the computing devices 102-108, 184-188, and 200).

Various embodiments enhance and improve the verification of computing devices on a communication network by utilizing a dynamically changing shared information context. The information context may include, for example, a dynamically changing shared data set. In some embodiments, two computing devices may share a data set by, for example, transmitting a data set from one computing device to another computing device. In various embodiments, the two computing devices may include any two endpoint devices in a computing network, such as a user device, a network server, an authentication server, or another computing device. The shared data set may be compiled over time, and may be changed by a computing device occasionally, periodically, and/or upon the occurrence of a triggering event. Changing or altering the shared data set may include reordering the shared data set, adding information to the shared data set, subtracting information from the shared data set, and/or transforming one or more portions of the shared data set.

The operations of the method 400 (as well as the methods 700, 800, 900, 1000, 1100, 1200, and 1300) are described below with respect to a first computing device and a second computing device. Any of the computing devices 102, 104, 106, 108, 184, and 186, and other computing devices, may function as a first computing device or a second computing device as such devices are described with respect to the method 400 (as well as the methods 700, 800, 900, 1000, 1100, 1200, and 1300).

In blocks 402 and 404, the first computing device and the second computing device may share a data set. For example, the second computing device may send the data set to the first computing device. In some embodiments, the first and second computing devices may share the data set occasionally, periodically, aperiodically, as part of an initialization procedure, or at some other time.

In block 406, the processor may receive data inputs. For example, the processor of the computing device may receive data inputs (e.g., the data inputs 140) over time. The data inputs may include information that the processor of the computing device may use to generate a data set that may be shared with another computing device. The data inputs may include, for example, images, photographs, video, sound recordings (e.g., music, ambient sound recordings, or another such recording), biometric information inputs (e.g., facial recognition scans, iris scans, DNA samples, voiceprint recordings, fingerprints, and the like), or any other data input.

In determination block 408, the processor may determine whether a shared data set update trigger has occurred. For example, the processor may determine whether a period of time has elapsed. As another example, the processor may determine whether a trigger event has occurred. The trigger event may include, for example, using a shared data set in an authentication process, such as extracting element(s) from the shared data set, determining a value from the element(s), etc., as further described below. The trigger event may include, for example, a request from one or more computing devices to update the shared data set. The trigger event may include, for example, an authorization failure, or an authorization success, of a computing device.

In response to determining that the data set update trigger has not occurred (i.e., determination block 408=“No”), the processor may continue to receive data inputs in block 406.

In response to determining that the data set update trigger has occurred (i.e., determination block 408=“Yes”), the processor may perform one or more operations to dynamically alter the shared data set.

For example, in block 410, the processor may generate an instruction to add a new data set portion based on the received data inputs. In some embodiments, the processor may generate the new data set portion to be added. In some embodiments, the generated instructions may include instructions enabling the generation of the new data set portion (which may, e.g., be sent to the second computing device, as described below).

Additionally or alternatively, the processor may generate an instruction to subtract a portion of the shared data set in block 412.

Additionally or alternatively, the processor may generate an instruction to re-order the shared data set in block 414. For example, reordering the shared data set may include placing one or more portions of the shared data set into a different time, location, position, or other difference relative to other portions of the shared data set.

Additionally or alternatively, the processor may generate an instruction to transform the shared data set in block 416. For example, the processor may generate an instruction to transform one or more elements and/or one or more portions of the shared data set.

Transforming an element and/or a portion may include performing one or more operations to alter one or more values of the element and/or portion. For example, transforming an element and/or a portion of an image or a video file may include rotating, flipping, inverting, shifting a position, shifting a color, applying a filter or preset transformation (e.g., as may be available in a photo or video editing software program), or another similar operation. As another example, transforming an element and/or a portion of a music or audio file may include raising or lowering pitches, reversing the content of the file, inverting the content of the audio file (i.e., transforming the content along a selected axis), adding an audio effect such as reverb, distortion, flanging, and the like, or another similar operation. As another example, transforming an element and/or a portion of the shared data set may include transcoding data elements (e.g., transforming audio data into visual data or text). As another example, transforming an element and/or a portion of the shared data set may include performing one or more mathematical functions to transform the element and/or portion.

In block 418, the processor may generate one or more instructions to alter the shared data set. The one or more instructions may be based on the generated new data set portion, the instruction to subtract a portion of the shared data set, and/or the instruction to re-order the shared data set.

In block 420, the processor of the second computing device may send the one or more instructions to the first computing device. In some embodiments, the generated instructions may include a newly generated data set portion (e.g., as may be generated in block 410).

In block 422, the processor of the first computing device may receive the one or more instructions from the second computing device.

In block 424, the processor of the second computing device may alter the shared data set based on the generated instruction or instructions.

In block 426, the processor of the first computing device may alter the shared data set based on the generated instruction or instructions.

In determination block 428, the processor of the second computing device may determine whether a verification request has been sent or received by the processor of the second computing device.

In response to determining that a verification request has not been sent or received (i.e., determination block 428=“No”), the processor of the second computing device may continue to receive data inputs in block 406.

In some embodiments, in response to determining that the verification request has been sent or received (i.e., determination block 428=“Yes”), the processor of the second computing device may proceed to block 710 in FIG. 7. In some embodiments, in response to determining that the verification request has been sent or received (i.e., determination block 428=“Yes”), the processor of the second computing device may proceed to block 1110 in FIG. 11.

In determination block 430, the processor of the first computing device may determine whether a verification request has been sent or received by the processor of the first computing device.

In response to determining that a verification request has not been sent or received (i.e., determination block 430=“No”), the processor of the first computing device may again receive one or more instructions from the second computing device in block 422.

In some embodiments, in response to determining that a verification request has been sent or received (i.e., determination block 426=“Yes”), the processor of the first computing device may proceed to block 702 in FIG. 7. In some embodiments, in response to determining that a verification request has been sent or received (i.e., determination block 426=“Yes”), the processor of the first computing device may proceed to block 1102 in FIG. 11.
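The update exchange of blocks 410-426, as an added example that is not part of the patent text: the second computing device generates alteration instructions, and both devices apply them to their own copies of the shared data set. The instruction encoding (`op`, `index`, `order`, `shift`), the function names and the sample data are assumptions made for illustration.

```python
import copy
import hashlib
import json


def apply_instruction(data_set, instr):
    """Apply one alteration instruction in place (hypothetical encoding)."""
    op = instr["op"]
    if op == "add":          # block 410: add a new data set portion
        data_set.append(copy.deepcopy(instr["portion"]))
    elif op == "subtract":   # block 412: remove a portion
        del data_set[instr["index"]]
    elif op == "reorder":    # block 414: move portions relative to each other
        order = instr["order"]
        if sorted(order) != list(range(len(data_set))):
            raise ValueError("reorder must be a permutation of current indices")
        data_set[:] = [data_set[i] for i in order]
    elif op == "transform":  # block 416: mathematical function on element values
        portion = data_set[instr["index"]]
        portion["elements"] = [(v + instr["shift"]) % 256
                               for v in portion["elements"]]
    else:
        raise ValueError(f"unknown instruction {op!r}")


def apply_all(data_set, instructions):
    """Blocks 424/426: return an altered copy, applying instructions in order."""
    result = copy.deepcopy(data_set)
    for instr in instructions:
        apply_instruction(result, instr)
    return result


def digest(data_set):
    """Fingerprint of a data set copy, used here only to compare the two copies."""
    canonical = json.dumps(data_set, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


# Constructed sample data: three portions, each with a few byte-valued elements.
INITIAL = [
    {"id": "p1", "elements": [10, 20, 30]},
    {"id": "p2", "elements": [40, 50]},
    {"id": "p3", "elements": [60]},
]

# Instructions generated by the second device (block 418) and sent in block 420.
INSTRUCTIONS = [
    {"op": "add", "portion": {"id": "p4", "elements": [250, 7]}},
    {"op": "subtract", "index": 0},
    {"op": "reorder", "order": [2, 0, 1]},
    {"op": "transform", "index": 0, "shift": 10},
]

if __name__ == "__main__":
    second = apply_all(INITIAL, INSTRUCTIONS)       # block 424
    first = apply_all(INITIAL, INSTRUCTIONS)        # block 426
    print("in sync:", digest(first) == digest(second))
    # A lost instruction leaves the copies different, so a later
    # verification over the affected elements cannot match.
    stale = apply_all(INITIAL, INSTRUCTIONS[:-1])
    print("after a lost instruction:", digest(stale) == digest(second))
```

The instructions are order-sensitive: applying the transform before the reorder alters a different portion, so both devices must apply the same instructions in the same sequence.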

FIG. 5 illustrates one example of a shared data set 500, according to some embodiments. In some embodiments, the shared data set may include two or more portions. Each portion of the shared data set may include one or more elements. In some embodiments, the portions of the shared data set may include a discrete constituent, such as an image, a photograph, video, sound recording, a biometric input, or another such discrete constituent.

In some embodiments, the shared data set may include two or more transitory identities of one of the computing devices. For example, as described above, the first computing device may generate a series of transitory identities over time and may send the transitory identities to the second computing device in the normal conduct of secured communications using methods described herein. The second computing device may store the transitory identities generated by and received from the first computing device. Thus, in some embodiments the shared data set may include the first computing device's transitory identities received over time during secured and/or authenticated communications. In some embodiments, the shared data set may include two or more transitory identities of the second computing device.

The shared data set 500 may include one or more portions, such as portions 502, 504, and 506. Each of the portions 502, 504, and 506 may include one or more elements. For example, portion 502 may include elements 520 and 522, portion 504 may include element 524, and portion 506 may include elements 526 and 528. In some embodiments, the portions 502, 504, and 506 may each be a transitory identity that was generated by a computing device (e.g., one or more of the computing devices 102, 104, 106, and 108). In some embodiments, the portions 502, 504, and 506 may include discrete constituents, such as photographs, sound recordings, fingerprints, biometric data, or other discrete portions.

In some embodiments, the shared data set 500 may be built up over time. For example, a first computing device (e.g., the computing device 102, 104) may generate a plurality of transitory identities over time, store a copy of each transitory identity, and may send a copy of each transitory identity to a second computing device (e.g., the computing device 108), thereby providing the first computing device and the second computing device with a shared data set made up of the transitory identities of the first computing device. In some embodiments, the second computing device may perform similar operations, obtaining transitory identities and providing its transitory identities to the first computing device. In some embodiments, the first and second computing devices may combine the shared transitory identities from each of the first and second computing devices to generate the shared data set. In some embodiments, the first and second computing devices may each compile two discrete shared data sets, made up of transitory identities of the first computing device, and transitory identities of the second computing device, respectively.

In some embodiments, the shared data set 500 may be built up over time by one computing device and then shared with another computing device. For example, the computing device 108 may receive data inputs over time (e.g., the data inputs 140). The data inputs may include one or more discrete constituents, such that the computing device 108 may build up a data set of the data inputs over time. The computing device 108 may then share or send the data set with another computing device (e.g., the computing device 102, 104, 106).

In various embodiments, the elements 520-528 may include information that enables the identification or indexing of each element within a portion. For example, an element may include information identifying a location, position, and/or time of the element within its portion, or any other information that allows the indexing or identification of each selected element.

In various embodiments, the portions 502-506 and/or the elements 520-528 may include data from which one or more relationships to at least one other data element may be determined. For example, the portions 502-506 and/or the elements 520-528 may be associated with a timestamp. As another example, portions and/or elements may be associated with a variety of data, such as a location, a position, a color, a pitch, a frequency, a biometric aspect, or another aspect of the portion and/or element. The relationship between the two or more elements may include a comparative difference between the two or more elements, such as a time difference, a location difference, a positional difference, a color difference, a pitch difference, a frequency difference, a biometric difference, or another difference.

As another example, the elements 520-528 may have different positions or locations within a portion, or between different portions. The elements 520-528 may also be associated with a different time, as well as with different positions or locations, relative to two or more other elements. In some embodiments, three or more elements may define a relationship of one element to two or more other elements. For example, the position/location differences among elements 520, 522, and 524 may define three angles, angle A, angle B, and angle D. Similarly, the relative position/location and/or time differences among elements 520, 522, 524, 526, and 528 may define additional angles, angles C, E, F, G, H, I, and J. In various embodiments, a relationship may be a relative difference in time, space, distance, or another informational difference, within a portion, among or between portions, and/or within the shared data set 500.

FIGS. 6A-6D illustrate exemplary shared data sets 600 a, 600 b, 600 c, and 600 d. A shared data set may include one or more of a variety of types of data, and the examples illustrated in FIGS. 5 and 6A-6D are intended to illustrate the variety of data types and not as limitations.

For example, the shared data set 600 a may include fingerprints 602 a, 604 a, and 606 a. The fingerprints 602 a-606 a may be captured, for example, by a biometric scanning device such as a fingerprint scanner. The fingerprints 602 a-606 a may be captured over time, such that the fingerprints 602 a-606 a each constitute a portion of the shared data set 600 a. A processor of a computing device (e.g., the computing devices 102-108) may select elements from the portions (e.g., the fingerprints 602 a-606 a) of the shared data set 600 a, such as elements 620 a-638 a. In some embodiments, the elements 620 a-638 a may include fingerprint minutiae. The elements 620 a-638 a may include information that enables a processor of a computing device to identify or index each element within a portion (e.g., within one of the fingerprints 602 a-606 a), such as information identifying a location or position of the element within its portion. Further, each portion may be associated with a timestamp or another time element.

The portions (e.g., the fingerprints 602 a-606 a) and/or the elements 620 a-638 a may include data from which one or more relationships to at least one other data element may be determined, such as position, location, and/or time information. In some embodiments, the portions and/or elements may include data from which one or more relationships among the elements may be determined. In some embodiments, the relationships may be based on one or more comparative differences between or among the elements.

As another example, the shared data set 600 b may include sound recordings 602 b, 604 b, and 606 b. The sound recordings may be captured, for example, by a microphone or similar device, or the sound recordings may be received electronically by a processor of a computing device (e.g., the computing devices 102-108) from such a device. The sound recordings 602 b-606 b may be captured over time, and may include or be associated with time information. Each of the sound recordings 602 b-606 b may constitute a portion of the shared data set 600 b. Additionally, or alternatively, a single recording (e.g., one of 602 b, 604 b, or 606 b) may be divided into portions, for example, portions of a certain time duration, portions divided by frequency range, portions divided by amplitude ranges, and other divisions.

A processor of a computing device may select elements from the portions of the sound recordings 602 b-606 b, such as elements 620 b-630 b. The elements 620 b-630 b may include information that enables the identification or indexing of each element within a sound recording, such as information identifying a location or position of the element within its portion. Each element 620 b-630 b may be associated with a timestamp or another time element and/or other information, such as frequency, a pitch, an amplitude, a rate of attack, a rate of decay, a duration of sustain,

The portions (e.g., the one or more sound recordings 602 b) and/or the elements 620 b-630 b may include data from which one or more relationships to at least one other data element may be determined, such as position, location, and/or time information. In some embodiments, the portions and/or elements may include data from which the processor of a computing device may determine one or more relationships among the elements. In some embodiments, the relationships may be based on one or more comparative differences between or among the elements.

As another example, the shared data set 600 c may include images 602 c, 604 c, and 606 c. The images 602 c-606 c may be of, for example, a face as illustrated in FIG. 6C, but in various embodiments the images 602 a-606 c may be any images. The images 602 a-606 c may be captured, for example, by a camera or another image receiving device. The images 602 a-606 c may be captured over time, such that the images 602 a-606 c each constitute a portion of the shared data set 600 a. A processor of a computing device (e.g., the computing devices 102-108) may select elements from the portions (e.g., the images 602 a-606 c) of the shared data set 600 c, such as elements 620 c-636 c. For example, the processor of the computing device may select the elements 620 c-636 c using a facial recognition or other similar system. The elements 620 c-636 c may include information that enables a processor of a computing device to identify or index each element within a portion (e.g., within one of the images 602 a-606 c), such as information identifying a location or position of the element within its portion. Further, each portion may be associated with a timestamp or another time element.

The portions (e.g., the images 602 a-606 c) and/or the elements 620 c-636 c may include data from which one or more relationships to at least one other data element may be determined, such as position, location, and/or time information. In some embodiments, the elements 620 c-636 c may be associated with image information, such as color, tint, hue, grayscale, RGB information, Pantone color number, digital color code (e.g., hypertext markup language color code), saturation, brightness, contrast, or other image information. In some embodiments, the portions and/or elements may include data from which one or more relationships among the elements may be determined. In some embodiments, the relationships may be based on one or more comparative differences between or among the elements. In some embodiments, the comparative differences may include differences in image information, including relative, linear, and/or numerical differences in information indicating color, tint, hue, etc.

As another example, the shared data set 600 d may include one or more biometric data units or constituents, such as DNA samples 602 d, 604 d, and 606 d. Biometric data may be captured by an appropriate scanner or capture device and received by a processor of a computing device (e.g., the computing devices 102-108). The biometric data may be captured over time, and may include or be associated with time information. The shared data set 600 d may include two or more biometric data constituents or units, each of which may constitute a portion of the shared data set (e.g., two or more discrete biometric samples). Additionally or alternatively, a biometric sample may be divided into portions, which divisions may be determined based on the information available in the biometric sample. For example, the DNA samples 602 d, 604 d, and 606 d may be divided into portions of a certain base-pair length or number, a certain length of the DNA backbone, by type of nucleotide (e.g., adenine, guanine, cytosine, or thymine), by type of base pair (e.g., adenine-thymine, cytosine-guanine), or another division.

A processor of a computing device may select elements from the portions of the biometric data unit 600 d, such as elements 620 d-630 d. The elements 620 d-630 d may include information that enables the identification or indexing of each element within a biometric data unit, such as information identifying a location or position of the element within its portion, such as a position along the DNA strand 602 d. Each element 620 d-630 d may be associated with a timestamp or another time element.

The portions (e.g., the one or more biometric data units 602 d) and/or the elements 620 d-630 d may include data from which one or more relationships to at least one other data element may be determined, such as position, location, and/or time information. In some embodiments, the portions and/or elements may include data from which the processor of a computing device may determine one or more relationships among the elements. In some embodiments, the relationships may be based on one or more comparative differences between or among the elements.

FIG. 7 illustrates a method 700 of authenticating a first computing device (e.g., the computing device 102, 104, 184, 186, and 200 of FIGS. 1B-2) to a second computing device (e.g., the computing device 108, 188, and 200 of FIGS. 1B-2). With reference to FIGS. 1A-7, the method 700 may be implemented by a processor (e.g., the processor 202 and/or the like) of a computing device (e.g., the computing devices 102-108, 184-188, and 200).

In block 702, the processor of the first computing device may select elements from the shared data set. For example, the processor of the first computing device may select elements 520, 522, 524, 526, and 528 from among the portions 502, 504, and 506 of the shared data set 500. As another example, the processor of the first computing device may select elements from among the shared data sets 600 a, 600 b, 600 c, or 600 d. In some embodiments, the processor of the first computing device may select the elements randomly from the shared data set.

In block 704, the processor of the first computing device may generate a rule set indicating the selected elements. In some embodiments, the rule set may identify the selected elements from the shared data set. For example, the processor may generate a rule set identifying the elements selected from the shared data set.

In some embodiments, the processor may generate the rule set based on the one or more relationships between or among the selected elements of the shared data set. The relationship between the two or more elements may include a comparative difference between the two or more elements, such as a time difference, a location difference, a positional difference, a color difference, a pitch difference, a frequency difference, or another difference. As another example, the relationships may be defined by comparative differences among three or more elements. For example, the position/location differences among the elements 520, 522, and 524 may define three angles, angle A, angle B, and angle D. Similarly, the relative position/location and/or time differences among elements 520, 522, 524, 526, and 528 may define additional angles, angles C, E, F, G, H, I, and J. In some embodiments, the processor of the first computing device may generate the rule set based on one or more relationships among the selected elements of, for example, the shared data sets 600 a, 600 b, 600 c, or 600 d. In various embodiments, a relationship may be a relative difference in time, space, distance within a portion, or another informational difference. The relationship(s) between or among elements may be determined among and/or between portions of the shared data set.

In some embodiments, the processor may generate the rule set using a combination of identifiers of the selected elements and one or more relationships among the selected elements. In some embodiments, the rule set may include an identifier of only one of the selected elements and relationships of the one selected element and the other selected elements. For example, the rule set may include an identifier of the element 520, and information about the relationships of the element 520 to the other selected elements (elements 522-528) sufficient to enable another computing device to identify the other selected elements (elements 522-528) using only the element 520 and the information about the relationships of the element 520 and the other selected elements. In some embodiments, the processor may generate a rule set using a combination of identifiers of the selected elements and one or more relationships among the selected elements of, for example, the shared data sets 600 a, 600 b, 600 c, or 600 d.

In some embodiments, the generated rule set may be formatted as a string of information organized according to an organizational logic. The more efficient the organizational logic, the smaller the generated rule set may be, enabling faster generation, transmission, and processing by the receiving computing device, thereby decreasing a burden on processors of the computing devices as well as the transport infrastructure.

In block 706, the processor of the first computing device may generate a first result based on the selected elements. In some embodiments, the first result may include a string of data. In some embodiments, the first result may include a value based on the information in the selected elements of the shared data set. In some embodiments, the processor of the first computing device may perform a transform of the information of the selected elements, such as generating a hash of values within the information. In some embodiments, the processor of the first computing device may generate a data string based on the information of the selected elements and may perform a transform (e.g., generate a hash) of the information of the selected elements to generate the first result.

In block 708, the processor of the first computing device may send the rule set to the second computing device (e.g., the computing device 108). In some embodiments, the first computing device may send a verification request including the rule set to the second computing device.

In block 710, a processor of the second computing device may receive the rule set (or verification request) from the first computing device.

In block 712, the processor of the second computing device may extract the selected elements from the shared data set using the rule set. For example, the processor of the second computing device may use identifiers of each of the selected elements 520-528 to extract the selected elements from the shared data set stored at the second computing device. As another example, the processor of the second computing device may use one or more identifiers of one of the selected elements (e.g., one or more of the elements 520-528, or one or more of the elements of the shared data set 600 a, 600 b, 600 c, or 600 d) and one or more relationships among the selected elements to extract the selected elements from the shared data set.

In block 714, the processor of the second computing device may generate a second result based on the selected elements. In some embodiments, the second result may include a string of data. In some embodiments, the second result may include a value based on the information in the selected elements of the shared data set. In some embodiments, the processor of the second computing device may perform a transform of the information of the selected elements, such as generating a hash of values within the information. In some embodiments, the processor of the second computing device may generate a data string based on the information of the selected elements and may perform a transform (e.g., generate a hash) of the information of the selected elements to generate the first result. In various embodiments, the processor of the second computing device may use the same method of generating the second result that the first computing device uses to generate the first result.

In block 716, the processor of the second computing device may send the second result to the first computing device.

In block 718, the processor of the first computing device may receive the second result from the second computing device.

In determination block 720, the processor of the first computing device may determine whether the first result matches the second result. For example, the processor may determine whether a product of the first result and the second result equals zero. As another example, the processor may compare the first result and the second result. In response to determining that the first result does not match the second result (i.e., determination block 720=“No”), the processor of the first computing device may determine that the second computing device is not authenticated in block 722.

In block 724, the processor of the first computing device may prevent the first computing device from communicating with the second computing device.

In optional block 726, the processor of the first computing device may send an indication that the second computing device is not authenticated. For example, the first computing device may send the indication to the second computing device. As another example, the first computing device may send the indication to another computing device (e.g., the computing device 106).

In response to determining that the first result matches the second result (i.e., determination block 720=“Yes”), the processor of the first computing device may determine that the second computing device is authenticated in block 728.

In block 730, the processor of the first computing device may enable communication with the second computing device.

In optional block 732, the processor of the first computing device may send an indication that the second computing device is authenticated. For example, the first computing device may send the indication to the second computing device. As another example, the first computing device may send the indication to another computing device (e.g., the computing device 106).

The processor of the first computing device may then proceed to the operations of block 302 (FIGS. 3A, 3B, and 3C).

In some embodiments, if the processor of the first computing device enables communication with the second computing device (e.g., block 730), the processor of the second computing device may then proceed to the operations of block 302 (FIGS. 3A, 3B, and 3C). In some embodiments, if the processor of the first computing device sends an indication that the second computing device is authenticated (e.g., block 732), the processor of the second computing device may then proceed to the operations of block 302 (FIGS. 3A, 3B, and 3C).

FIG. 8 illustrates a method 800 including operations that may be performed in blocks 702 and 704 of the method 700. With reference to FIGS. 1A-8, the method 800 may be implemented by a processor (e.g., the processor 202 and/or the like) of a computing device (e.g., the computing devices 102-108, 184-188, and 200).

After performing the operations of block 402 in FIGS. 4 and 7, the processor of the first computing device may select one or more portions of the shared data set in block 802. For example, the processor may select one or more portions of one of the shared data sets 500 and 600 a-600 d.

In block 804, the processor of the first computing device may select two or more elements from among the one or more portions of the shared data set. For example, the processor of the first computing device may select two or more elements from among the shared data sets 500 and 600 a-600 d (e.g., the elements 522-528, 620 a-638 a, 620 b-630 b, 620 c-636 c, and 620 d-630 d).

In block 806, the processor of the first computing device may determine one or more relationships between the selected two or more elements. In some embodiments, the relationship(s) may be based on one or more comparative differences between or among the elements, such as those described above with respect to shared data sets 500 and 600 a-600 d.

In block 808, the processor of the first computing device may generate a rule set based on the determined one or more relationships between the selected two or more elements. For example, the processor may generate a rule set identifying the selected two or more elements. In some embodiments, the processor may generate the rule set based on the one or more relationships between or among the selected elements of the shared data set. The relationship between the two or more elements may include a comparative difference between the two or more elements.

The processor of the first computing device may then perform the operations of block 706 (FIG. 7).

FIG. 9 illustrates a method 900 including operations that may be performed in blocks 702 and 704 of the method 700. With reference to FIGS. 1A-9, the method 900 may be implemented by a processor (e.g., the processor 202 and/or the like) of a computing device (e.g., the computing devices 102-108, 184-188, and 200). In blocks 802 and 804, the processor may perform operations of like-numbered blocks of the method 800.

In block 902, the processor of the first computing device may select one of the elements as a primary element. For example, the processor may select a primary element from the elements selected from the shared data sets 500 and 600 a-600 d (e.g., the elements 522-528, 620 a-638 a, 620 b-630 b, 620 c-636 c, and 620 d-630 d).

In block 904, the processor of the first computing device may determine one or more relationships between the selected primary element and one or more other elements of the shared data set. In some embodiments, the relationship(s) may be based on one or more comparative differences between or among the elements, such as those described above with respect to shared data sets 500 and 600 a-600 d.

In block 906, the processor of the first computing device may generate a rule set based on the determined one or more relationships between the selected primary element and the one or more other elements. For example, the processor may generate a rule set identifying the primary element and one or more relationships between or among the primary element and the one or more other elements of the shared data set. The relationship(s) may include one or more comparative differences between and/or among the elements. For example, the rule set may include an identifier of the element 520, and information about the relationships of the element 520 to the other selected elements (elements 522-528) sufficient to enable another computing device to identify the other selected elements (elements 522-528) from the shared data set using only the element 520 and the information about the relationships of the element 520 and the other selected elements.

The processor of the first computing device may then perform the operations of block 706 (FIG. 7).

FIG. 10 illustrates a method 1000 including operations that may be performed in block 712 of the method 700. With reference to FIGS. 1A-10, the method 1000 may be implemented by a processor (e.g., the processor 202 and/or the like) of a computing device (e.g., the computing devices 102-108, 184-188, and 200).

After performing the operations of block 710 in FIG. 7, the processor of the second computing device may obtain the shared data set in block 1002. For example, the processor of the second computing device may recall the shared data set from memory.

In block 1004, the processor of the second computing device may identify one or more elements of the shared data set that are indicated in the rule set. For example, the rule set may identify one or more selected elements of the shared data set. As another example, the rule set may identify a primary element of the shared data set.

In block 1006, the processor of the second computing device may identify one or more relationships indicated in the rule set. The one or more relationships may be based on one or more comparative differences of one or more of the elements of the shared data set. The one or more relationships may be related to the primary element of the shared data set.

In block 1008, the processor of the second computing device may extract the elements from the shared data set using the identified one or more elements and/or the one or more identified relationships. In some embodiments, the identified one or more elements and/or the one or more identified relationships provide sufficient information to enable the processor of the second computing device to identify the selected elements of the shared data set.

The processor of the second computing device may then perform the operations of block 714 (FIG. 7).

FIG. 11 illustrates a method 1100 of bi-directionally authenticating a first computing device and a second computing device according to some embodiments. With reference to FIGS. 1A-11, the method 1100 may be implemented by a processor (e.g., the processor 202 and/or the like) of a computing device (e.g., the computing devices 102-108, 184-188, and 200). In blocks 402 and 404, the processors may perform operations of like-numbered blocks of the method 400.

In some embodiments, the first computing device and the second computing device may share two or more data sets. For example, the first computing device may generate or compile a first data set, and the first computing device may share the first data set with the second computing device. Similarly, the second computing device may generate or compile a second data set, and may share the second data set with the first computing device. There is no limitation on the number of data sets any computing device may store or share with another computing device (provided that the data sets are shared data sets). Thus, while the operations described below with respect to the method 1100 refer to a shared data set, in some embodiments the operations of the method 1100 may be performed using two (or more) shared data sets.

In some embodiments, sharing a data set may include sharing (i.e., sending and/or receiving) one or more transitory identities generated by or obtained from a computing device (e.g., operations 302-306 of FIG. 3).

In block 1102, the processor of the first computing device may select a first set of elements from a shared data set (e.g., shared with the second computing device). For example, the processor of the first computing device may select elements from among the portions of the shared data sets 500 and 600 a-600 d.

In block 1104, the processor of the first computing device may generate a first rule set indicating the selected elements. In some embodiments, the rule set may identify the selected elements from the shared data set. In some embodiments, the processor may generate the rule set based on the one or more relationships between or among the selected elements of the shared data set. The relationship between the two or more elements may include a comparative difference between the two or more elements. In some embodiments, the processor may generate the rule set using a combination of identifiers of the selected elements and one or more relationships among the selected elements. In some embodiments, the rule set may include an identifier of only one of the selected elements and relationships of the one selected element and the other selected elements.

In block 1106, the processor of the first computing device may generate a first result based on the selected elements. In some embodiments, the first result may include a string of data. In some embodiments, the first result may include a value based on the information in the selected elements of the shared data set. In some embodiments, the processor of the first computing device may perform a transform of the information of the selected elements, such as generating a hash of values within the information. In some embodiments, the processor of the first computing device may generate a data string based on the information of the selected elements and may perform a transform (e.g., generate a hash) of the information of the selected elements to generate the first result.

In block 1108, the processor of the first computing device may send the first rule set to the second computing device.

In block 1110, the processor of the second computing device may select a second set of elements from a shared data set (e.g., shared with the first computing device). For example, the processor of the second computing device may select elements from among the portions of the shared data sets 500 and 600 a-600 d.

In block 1112, the processor of the second computing device may generate a second rule set indicating the selected elements. In some embodiments, the rule set may identify the selected elements from the shared data set. In some embodiments, the processor may generate the rule set based on the one or more relationships between or among the selected elements of the shared data set. The relationship between the two or more elements may include a comparative difference between the two or more elements. In some embodiments, the processor may generate the rule set using a combination of identifiers of the selected elements and one or more relationships among the selected elements. In some embodiments, the rule set may include an identifier of only one of the selected elements and relationships of the one selected element and the other selected elements.

In block 1114, the processor of the second computing device may generate a second result based on the selected elements. In some embodiments, the second result may include a string of data. In some embodiments, the second result may include a value based on the information in the selected elements of the shared data set. In some embodiments, the processor of the second computing device may perform a transform of the information of the selected elements, such as generating a hash of values within the information. In some embodiments, the processor of the second computing device may generate a data string based on the information of the selected elements and may perform a transform (e.g., generate a hash) of the information of the selected elements to generate the first result.

In block 1116, the processor of the second computing device may receive the first rule set from the first computing device.

In block 1118, the processor of the second computing device may send the second rule set to the first computing device.

In block 1120, the processor of the first computing device may receive the second rule set from the second computing device.

In block 1122, the processor of the first computing device may extract the selected elements (i.e., the elements selected by the second computing device) from the shared data set using the second rule set. For example, the processor of the first computing device may use identifiers of each of the selected elements to extract the selected elements from the shared data set stored at the first computing device. As another example, the processor of the first computing device may use one or more identifiers of one of the selected elements and one or more relationships among the selected elements to extract the selected elements from the shared data set.

In block 1124, the processor of the first computing device may generate a third result based on the selected elements. In some embodiments, the third result may include a string of data. In some embodiments, the third result may include a value based on the information in the selected elements of the shared data set. In some embodiments, the processor of the first computing device may perform a transform of the information of the selected elements, such as generating a hash of values within the information. In some embodiments, the processor of the first computing device may generate a data string based on the information of the selected elements and may perform a transform (e.g., generate a hash) of the information of the selected elements to generate the third result.

“transformation” needs to be defined more broadly=any mathematical operation, number shifting, any computation or operation; translate to any language;

In various embodiments, the processor of the first computing device may use the same method of generating the third result that the second computing device uses to generate the second result.

In block 1126, the processor of the first computing device may send the third result to the second computing device.

In block 1128, the processor of the second computing device may extract the selected elements (i.e., the elements selected by the first computing device) from the shared data set using the first rule set. For example, the processor of the second computing device may use identifiers of each of the selected elements to extract the selected elements from the shared data set stored at the second computing device. As another example, the processor of the second computing device may use one or more identifiers of one of the selected elements and one or more relationships among the selected elements to extract the selected elements from the shared data set.

In block 1130, the processor of the second computing device may generate a fourth result based on the selected elements. In some embodiments, the fourth result may include a string of data. In some embodiments, the fourth result may include a value based on the information in the selected elements of the shared data set. In some embodiments, the processor of the second computing device may perform a transform of the information of the selected elements, such as generating a hash of values of the information. In some embodiments, the processor of the second computing device may generate a data string based on the information of the selected elements and may perform a transform of the information of the selected elements to generate the fourth result. In various embodiments, the processor of the second computing device may use the same method of generating the fourth result that the first computing device uses to generate the first result.

In block 1132, the processor of the second computing device may receive the third result from the first computing device.

In block 1134, the processor of the second computing device may send the fourth result to the first computing device.

In block 1136, the processor of the first computing device may receive the fourth result from the second computing device.

In determination block 1138, the processor of the first computing device may determine whether the first result matches the fourth result. For example, the processor of the first computing device may determine whether the first result that is generated by the processor of the first computing device using the selected elements from the shared data set matches the fourth result that is generated by the processor of the second computing device using the selected elements from the shared data set. In some embodiments, the comparison may include determining whether the difference of the first result and the fourth result equals zero.

In response to determining that the first result does not match the fourth result (i.e., determination block 1138=“No”), the processor of the first computing device may determine that the second computing device is not authenticated in block 1140.

In block 1142, the processor of the first computing device may prevent the first computing device from communicating with the second computing device.

In optional block 1144, the processor of the first computing device may send an indication that the second computing device is not authenticated. For example, the first computing device may send the indication to the second computing device. As another example, the first computing device may send the indication to another computing device.

In response to determining that the second result matches the third result (i.e., determination block 1138=“Yes”), the processor of the first computing device may determine that the second computing device is authenticated in block 1146.

In block 1148, the processor of the first computing device may enable communication with the second computing device.

In optional block 1150, the processor of the first computing device may send an indication that the second computing device is authenticated. For example, the first computing device may send the indication to the second computing device. As another example, the first computing device may send the indication to another computing device.

In various embodiments, the processor of the first computing device may then proceed to block 302 (FIGS. 3A, 3B, and 3C).

In determination block 1152, the processor of the second computing device may determine whether the second result matches the third result. In response to determining that the second result does not match the third result (i.e., determination block 1152=“No”), the processor of the second computing device may determine that the first computing device is not authenticated in block 1154.

In block 1156, the processor of the second computing device may prevent the second computing device from communicating with the first computing device.

In optional block 1158, the processor of the second computing device may send an indication that the first computing device is not authenticated. For example, the second computing device may send the indication to the first computing device. As another example, the second computing device may send the indication to another computing device.

In response to determining that the second result matches the third result (i.e., determination block 1152=“Yes”), the processor of the second computing device may determine that the first computing device is authenticated in block 1160.

In block 1162, the processor of the second computing device may enable communication with the first computing device.

In optional block 1164, the processor of the second computing device may send an indication that the first computing device is authenticated. For example, the second computing device may send the indication to the first computing device. As another example, the second computing device may send the indication to another computing device (e.g., the computing device 106).

In various embodiments, the processor of the second computing device may then proceed to block 302 (FIGS. 3A, 3B, and 3C).
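The bi-directional exchange of method 1100, built on the primary-element rule set of methods 900 and 1000, as an added example that is not part of the patent text. It assumes that relationships are index offsets from the primary element and that the transform is SHA-256 over length-prefixed elements; all names and the sample data set are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class RuleSet:
    """What travels between devices: positions only, never element contents."""
    primary: int     # identifier (here: index) of the primary element
    offsets: tuple   # index of each other selected element minus the primary's


def make_rule_set(shared, count, rng=None):
    """Blocks 902-906: select elements, pick a primary, describe the rest relative to it."""
    rng = rng or secrets.SystemRandom()
    picked = rng.sample(range(len(shared)), count)
    primary = picked[0]
    return RuleSet(primary, tuple(i - primary for i in picked[1:]))


def extract(shared, rules):
    """Blocks 1004-1008: recover the selected elements from the local copy."""
    indices = [rules.primary] + [rules.primary + off for off in rules.offsets]
    # A rule set arrives from an unauthenticated peer, so validate before use.
    if any(i < 0 or i >= len(shared) for i in indices):
        raise ValueError("rule set points outside the shared data set")
    if len(set(indices)) != len(indices):
        raise ValueError("rule set selects the same element twice")
    return [shared[i] for i in indices]


def transform(elements):
    """Assumed transform: SHA-256 with length prefixes so boundaries are unambiguous."""
    digest = hashlib.sha256()
    for element in elements:
        digest.update(len(element).to_bytes(4, "big"))
        digest.update(element)
    return digest.digest()


class Device:
    def __init__(self, shared):
        self.shared = list(shared)   # this device's copy of the shared data set
        self.expected = None

    def challenge(self, count=3):
        """Generate a rule set and keep the result the peer must reproduce."""
        rules = make_rule_set(self.shared, count)
        self.expected = transform(extract(self.shared, rules))
        return rules

    def respond(self, peer_rules):
        """Apply the peer's rule set to the local copy and transform the elements."""
        return transform(extract(self.shared, peer_rules))

    def verify(self, peer_result):
        """Determination blocks 1138 / 1152, compared in constant time."""
        return hmac.compare_digest(self.expected, peer_result)


def mutual_authenticate(first, second):
    """Return (first accepts second, second accepts first)."""
    rules1 = first.challenge()        # blocks 1102-1108: first rule set, first result
    rules2 = second.challenge()       # blocks 1110-1118: second rule set, second result
    third = first.respond(rules2)     # blocks 1122-1126
    fourth = second.respond(rules1)   # blocks 1128-1134
    return first.verify(fourth), second.verify(third)


if __name__ == "__main__":
    # Constructed sample data: eight short records standing in for shared elements.
    current = [b"ti-%02d" % i for i in range(8)]
    outdated = [b"old-%02d" % i for i in range(8)]
    print(mutual_authenticate(Device(current), Device(current)))    # both accept
    print(mutual_authenticate(Device(current), Device(outdated)))   # both reject
```

Each side checks the answer to its own rule set: the first device compares its first result with the fourth result, and the second device compares its second result with the third.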

FIG. 12 illustrates a method 1200 of authenticating a first computing device (e.g., the computing device 102, 104, 184, 186, and 200 of FIGS. 1B-2) to a second computing device (e.g., the computing device 108, 188, and 200 of FIGS. 1B-2). With reference to FIGS. 1A-12, the method 1200 may be implemented by a processor (e.g., the processor 202 and/or the like) of a computing device (e.g., the computing devices 102-108, 184-188, and 200). In blocks 706-732, the processors may perform operations of like-numbered blocks of the method 700.

In blocks 1202 and 1204, the processors of the first computing device and the second computing device may share first transitory identities. For example, the first computing device may generate or obtain one or more first transitory identities, and the first computing device may share (e.g., transmit to) the one or more first transitory identities with the second computing device, as discussed above. In some embodiments, the first computing device may share the first transitory identities with the second computing device over time. In some embodiments, the shared first transitory identities (i.e., stored at both the first computing device and the second computing device) may make up a shared data set. In some embodiments, the operations of blocks 1202 and 1204 may include one or more operations of the method 400, to dynamically alter the shared data set.

In block 1206, the processor of the first computing device may select one or more first transitory identities. In some embodiments, the selected first transitory identities may be considered portions of the shared data set of the first transitory identities. In some embodiments, the selected first transitory identities may be previously-used first transitory identities. For example, the selected first transitory identities may have been used to authenticate the first computing device in a previously-performed authentication operation.

In block 1208, the processor of the first computing device may select elements from within the selected one or more transitory identities. In some embodiments, the selected elements may include any information included in the selected one or more transitory identities.

In block 1210, the processor of the first computing device may generate a rule set indicating the selected elements. In some embodiments, the rule set may identify the selected elements from the selected one or more first transitory identities. In some embodiments, the processor may generate the rule set based on one or more relationships between or among the selected elements of the selected transitory identities.

In block 706, the processor of the first computing device may transform the selected elements to generate a first result. In block 412, the processor of the first computing device may send the rule set and the first result to a second computing device (e.g., the computing device 108). In block 414, a processor of the second computing device may receive the rule set and the first result.

In block 1212, the processor of the second computing device may extract the selected elements from the first transitory identity stored at the second computing device using the rule set. For example, the processor of the second computing device may use identifiers of each of the selected elements to extract the selected elements from the first transitory identities stored at the second computing device. As another example, the processor of the second computing device may use one or more identifiers of one of the selected elements and one or more relationships among the selected elements to extract the selected elements from the first transitory identities.

The processor of the second computing device may transform the extracted elements to generate a second result in block 714, and may send the second result to the first computing device in block 716. The processor of the first computing device may receive the second result from the second computing device in block 718, and may determine whether the first result matches the second result in determination block 720, substantially as described above.

FIG. 13 illustrates a method 1300 of bi-directionally authenticating a first computing device and a second computing device according to some embodiments. With reference to FIGS. 1A-13, the method 1300 may be implemented by a processor (e.g., the processor 202 and/or the like) of a computing device (e.g., the computing devices 102-108, 184-188, and 200). In blocks 1104-1164, the processors may perform operations of like-numbered blocks of the method 1100.

In blocks 1301 a and 1301 b, the processor of the first computing device and the processor of the second computing device may share transitory identities. For example, the first computing device may generate or obtain one or more first transitory identities, and the first computing device may share (e.g., transmit to) the one or more first transitory identities with the second computing device, as described above. In some embodiments, the first computing device may share the first transitory identities with the second computing device over time. In some embodiments, the shared first transitory identities (i.e., stored at both the first computing device and the second computing device) may make up a shared data set.

Additionally or alternatively, in some embodiments, the second computing device may generate or obtain one or more second transitory identities, and the second computing device may share (e.g., transmit to) the one or more second transitory identities with the first computing device, as discussed above. In some embodiments, the second computing device may share the second transitory identities with the first computing device over time. In some embodiments, the shared second transitory identities (i.e., stored on both the first computing device and the second computing device) may make up a second shared data set.

In the operations of block 1306, in some embodiments, the second computing device may select the second transitory identities from a shared data set made up of the first transitory identities received from the first computing device.

Further, in some embodiments, the second computing device may select the second transitory identities from a shared data set made up of the second transitory identities obtained by the second computing device and shared with the first computing device.

Thus, in some embodiments, the first computing device and the second computing device may share two or more data sets.

In some embodiments, the operations of blocks 1301 a and 1301 b may include one or more operations of the method 400, to dynamically alter the shared data set(s).

In block 1302, the processor of the first computing device may select one or more first transitory identities. In some embodiments, the first transitory identities may have been shared with the second computing device, such that the first transitory identities are a data set shared by the first computing device and the second computing device. In some embodiments, the selected first transitory identities may be portions of the shared data set of the first transitory identities.

In block 1304, the processor of the first computing device may select first elements from the selected one or more first transitory identities.

In block 1104, the processor of the first computing device may generate a first rule set indicating the selected first elements.

In block 1306, the processor of the second computing device may select one or more second transitory identities. In various embodiments, the first computing device and the second computing device may share one or more data sets. In some embodiments, the processor of the second computing device may select the second transitory identities from a first shared data set that is shared with the first computing device. In some embodiments, the processor of the second computing device may select the second transitory identities from a second shared data set that is shared with the first computing device (while the first computing device may select the one or more first transitory identities from the first data set shared by both the first computing device and the second computing device).

In block 1308, the processor of the second computing device may select second elements from the selected one or more second transitory identities.

In block 1112, the processor of the second computing device may generate a second rule set indicating the selected second elements.

In block 1310, the processor of the first computing device may extract the selected elements (i.e., the elements selected by the second computing device) from the second transitory identities using the received second rule set. For example, the processor of the first computing device may use identifiers of each of the selected elements to extract the selected elements from the second transitory identities stored at the first computing device. As another example, the processor of the first computing device may use one or more identifiers of one of the selected elements and one or more relationships among the selected elements to extract the selected elements from the second transitory identities.

In block 1312, the processor of the second computing device may extract the selected elements (i.e., the elements selected by the first computing device) from the first transitory identities using the first rule set. For example, the processor of the second computing device may use identifiers of each of the selected elements to extract the selected elements from the first transitory identities stored at the second computing device. As another example, the processor of the second computing device may use one or more identifiers of one of the selected elements and one or more relationships among the selected elements to extract the selected elements from the first transitory identities.

Various embodiments enhance and improve the verification of computing devices on a communication network by utilizing a dynamically changing shared information context. The information context may include, for example, a shared data set. In some embodiments, the shared data set may include one or more transitory identities of a computing device that are shared during authenticated and/or secure transactions. In some embodiments, the transitory identities may have been previously used to authenticate one or both of the two computing devices. This enables the shared data set to be compiled over time in a manner that is unique to the two computing devices. Building up the shared data set in this manner enables two computing devices to possess a shared data set that is unique to the historical context of communications between and among the two computing devices. Additionally, such a shared data set changes frequently in an unpredictable manner, thereby ensuring that the computing devices can reliably authenticate one another and recognize imposters even in the event one of the computing devices has been compromised and the shared data set stolen. The shared data set may be changed by one or both of the computing devices occasionally, periodically, and/or upon the occurrence of a triggering event (e.g., on suspicion that one or the other computing device has been compromised).

Changing or altering the shared data set may include reordering the data set, adding information to the data set, and/or subtracting information from the data set.

Various embodiments may improve the function of each participating computing device, as well as the overall communication system, by enabling the authentication of the participating communication devices. Various embodiments improve the function of each participating computing device in a wide range of communications and/or information transaction contexts, including healthcare record management, secure communications (e.g., government, business, intelligence community, etc.), public records management systems, voting systems, financial services systems, security brokerage systems, and many others. Various embodiments may also improve the function of the Internet of Things, and communication among various IoT devices or among IoT devices and an IoT device controller, such as a router, server, IoT hub, or another similar device. In particular, various embodiments, when implemented in an IoT environment, may be of particular use in preventing distributed denial of service (DDoS) attacks, without human intervention. Various embodiments may also improve the function of remotely controlled, semiautonomous, and autonomous vehicles. Various embodiments may improve the function of a communication system by enabling the performance of a non-repudiable information transaction in which, because the participation of specific computing devices may be authenticated, the authentication procedure may generate evidence creating a presumption that a participant actually participated in the information transaction.

Various embodiments illustrated and described are provided merely as examples to illustrate various features of the claims. However, features shown and described with respect to any given embodiment are not necessarily limited to the associated embodiment and may be used or combined with other embodiments that are shown and described. Further, the claims are not intended to be limited by any one example embodiment. For example, one or more of the operations of the methods 300, 300 a, 300 b, 300 c, 400, 700, 800, 900, 1000, 1100, 1200, and 1300 may be substituted for or combined with one or more operations of the methods 300, 300 a, 300 b, 300 c, 400, 700, 800, 900, 1000, 1100, 1200, and 1300.

FIG. 14 is a component block diagram of a mobile wireless communication device 1400 suitable for implementing various embodiments. With reference to FIGS. 1A-14, the mobile wireless communication device 1400 may include a processor 1402 coupled to a touchscreen controller 1406 and an internal memory 1404. The processor 1402 may be one or more multi-core integrated circuits designated for general or specific processing tasks. The internal memory 1404 may be volatile or non-volatile memory, and may also be secure and/or encrypted memory, or unsecure and/or unencrypted memory, or any combination thereof. The touchscreen controller 1406 and the processor 1402 may also be coupled to a touchscreen panel 1412, such as a resistive-sensing touchscreen, capacitive-sensing touchscreen, infrared sensing touchscreen, etc. Additionally, the display of the mobile wireless communication device 1400 need not have touch screen capability.

The mobile wireless communication device 1400 may have two or more radio signal transceivers 1408 (e.g., Bluetooth, Zigbee, Wi-Fi, radio frequency (RF), etc.) and antennae 1410, for sending and receiving communications, coupled to each other and/or to the processor 1402. The transceivers 1408 and antennae 1410 may be used with the above-mentioned circuitry to implement the various wireless transmission protocol stacks and interfaces. The mobile wireless communication device 1400 may include one or more cellular network wireless modem chip(s) 1416 coupled to the processor and antennae 1410 that enables communication via two or more cellular networks via two or more radio access technologies.

The mobile wireless communication device 1400 may include a peripheral wireless device connection interface 1418 coupled to the processor 1402. The peripheral wireless device connection interface 1418 may be singularly configured to accept one type of connection, or may be configured to accept various types of physical and communication connections, common or proprietary, such as USB, FireWire, Thunderbolt, or PCIe. The peripheral wireless device connection interface 1418 may also be coupled to a similarly configured peripheral wireless device connection port (not shown).

The mobile wireless communication device 1400 may also include speakers 1414 for providing audio outputs. The mobile wireless communication device 1400 may also include a housing 1420, constructed of a plastic, metal, or a combination of materials, for containing all or some of the components discussed herein. The mobile wireless communication device 1400 may include a power source 1422 coupled to the processor 1402, such as a disposable or rechargeable battery. The rechargeable battery may also be coupled to the peripheral wireless device connection port to receive a charging current from a source external to the mobile wireless communication device 1400. The mobile wireless communication device 1400 may also include a physical button 1424 for receiving user inputs. The mobile wireless communication device 1400 may also include a power button 1426 for turning the mobile wireless communication device 1400 on and off.

Other forms of computing devices may also benefit from the various aspects. Such computing devices typically include the components illustrated in FIG. 15, which illustrates an example laptop computer 1500. With reference to FIGS. 1A-15, the computer 1500 generally includes a processor 1501 coupled to volatile memory 1502 and a large capacity nonvolatile memory, such as a disk drive 1503. The computer 1500 may also include a compact disc (CD) and/or DVD drive 1504 coupled to the processor 1501. The computer 1500 may also include a number of connector ports coupled to the processor 1501 for establishing data connections or receiving external memory devices, such as a network connection circuit 1505 for coupling the processor 1501 to a network. The computer 1500 may also include a display 1507, a keyboard 1508, a pointing device such as a trackpad 1510, and other similar devices.

Various embodiments may employ a computing device as a network element of a communication network. Such network elements may typically include at least the components illustrated in FIG. 16, which illustrates an example network element, server device 1600. With reference to FIGS. 1A-16, the server device 1600 may typically include a processor 1601 coupled to volatile memory 1602 and a large capacity nonvolatile memory, such as a disk drive 1603. The server device 1600 may also include a peripheral memory access device such as a floppy disc drive, compact disc (CD) or digital video disc (DVD) drive 1606 coupled to the processor 1601. The server device 1600 may also include network access ports 1604 (or interfaces) coupled to the processor 1601 for establishing data connections with a network, such as the Internet and/or a local area network coupled to other system computers and servers. Similarly, the server device 1600 may include additional access ports, such as USB, Firewire, Thunderbolt, and the like for coupling to peripherals, external memory, or other devices.

The processors 1402, 1501, 1601 may be any programmable microprocessor, microcomputer or multiple processor chip or chips that can be configured by software instructions (applications) to perform a variety of functions, including the functions of the various aspects described below. In some mobile devices, multiple processors 1402 may be provided, such as one processor dedicated to wireless communication functions and one processor dedicated to running other applications. Typically, software applications may be stored in the internal memory 1404, 1502, 1602 before they are accessed and loaded into the processor 1402, 1501, 1601. The processor 1402, 1501, 1601 may include internal memory sufficient to store the application software instructions.

Various embodiments may be implemented in any number of single or multi-processor systems. Generally, processes are executed on a processor in short time slices so that it appears that multiple processes are running simultaneously on a single processor. When a process is removed from a processor at the end of a time slice, information pertaining to the current operating state of the process is stored in memory so the process may seamlessly resume its operations when it returns to execution on the processor. This operational state data may include the process's address space, stack space, virtual address space, register set image (e.g., program counter, stack pointer, instruction register, program status word, etc.), accounting information, permissions, access restrictions, and state information.

A process may spawn other processes, and the spawned process (i.e., a child process) may inherit some of the permissions and access restrictions (i.e., context) of the spawning process (i.e., the parent process). A process may be a heavy-weight process that includes multiple lightweight processes or threads, which are processes that share all or portions of their context (e.g., address space, stack, permissions and/or access restrictions, etc.) with other processes/threads. Thus, a single process may include multiple lightweight processes or threads that share, have access to, and/or operate within a single context (i.e., the processor's context).

The foregoing method descriptions and the process flow diagrams are provided merely as illustrative examples and are not intended to require or imply that the blocks of various embodiments must be performed in the order presented. As will be appreciated by one of skill in the art, the order of blocks in the foregoing embodiments may be performed in any order. Words such as “thereafter,” “then,” “next,” etc. are not intended to limit the order of the blocks; these words are simply used to guide the reader through the description of the methods. Further, any reference to claim elements in the singular, for example, using the articles “a,” “an” or “the” is not to be construed as limiting the element to the singular.

The various illustrative logical blocks, modules, circuits, and algorithm blocks described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and blocks have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the claims.

The hardware used to implement the various illustrative logics, logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but, in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of communication devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. Alternatively, some blocks or methods may be performed by circuitry that is specific to a given function.

In various embodiments, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored as one or more instructions or code on a non-transitory computer-readable medium or non-transitory processor-readable medium. The operations of a method or algorithm disclosed herein may be embodied in a processor-executable software module, which may reside on a non-transitory computer-readable or processor-readable storage medium. Non-transitory computer-readable or processor-readable storage media may be any storage media that may be accessed by a computer or a processor. By way of example but not limitation, such non-transitory computer-readable or processor-readable media may include RAM, ROM, EEPROM, FLASH memory, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that may be used to store desired program code in the form of instructions or data structures and that may be accessed by a computer. Disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk, and Blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above are also included within the scope of non-transitory computer-readable and processor-readable media. Additionally, the operations of a method or algorithm may reside as one or any combination or set of codes and/or instructions on a non-transitory processor-readable medium and/or computer-readable medium, which may be incorporated into a computer program product.

The preceding description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the claims. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the scope of the claims. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the following claims and the principles and novel features disclosed herein.

1. A computing device for dynamically altering a data set that is shared between the computing device and a second computing device, comprising: a memory; and a processor coupled to the memory and configured with processor-executable instructions to perform operations comprising: determining whether a data set update trigger has occurred; generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred; altering the shared data set stored in the memory according to the generated instruction, and sending the generated instruction to a second computing device to alter the shared data set at the second computing device according to the generated instruction.
2. The computing device of claim 1, wherein the processor is configured with processor-executable instructions to perform operations such that generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred comprises: generating an instruction to add a new portion to the shared data set based on data inputs received at the first computing device.
3. The computing device of claim 1, wherein the processor is configured with processor-executable instructions to perform operations such that generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred comprises: generating an instruction to subtract a portion of the shared data set.
4. The computing device of claim 1, wherein the processor is configured with processor-executable instructions to perform operations such that generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred comprises: generating an instruction to re-order the shared data set.
5. The computing device of claim 1, wherein the processor is configured with processor-executable instructions to perform operations such that generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred comprises: generating an instruction to transform the shared data set.
6. The computing device of claim 1, wherein the processor is configured with processor-executable instructions to perform operations further comprising: selecting elements from the shared data set stored in the memory; generating a rule set for extracting the selected elements from the shared data set; and sending the rule set to the second computing device.
7. The computing device of claim 6, wherein the processor is configured with processor-executable instructions to perform operations further comprising: transforming the selected elements to generate a first result; receiving from the second computing device a second result based on the rule set; determining whether the first result matches the second result; and determining whether the second computing device is authenticated based on whether the first result matches the second result.
8-15. (canceled)
16. A method for dynamically altering a data set that is shared between a first computing device and a second computing device, comprising: determining, by a processor of the first computing device, whether a data set update trigger has occurred; generating, by the processor, an instruction to alter the shared data set in response to determining that the data set update trigger has occurred; altering, by the processor, the shared data set stored in the memory according to the generated instruction; and sending, by the processor, the generated instruction to a second computing device to alter the shared data set at the second computing device according to the generated instruction.
17. The method of claim 16, further comprising: selecting, by the processor, elements from the shared data set stored in the memory; generating, by the processor, a rule set for extracting the selected elements from the shared data set; and sending, by the processor, the rule set to the second computing device.
18. The method of claim 17, further comprising: transforming, by the processor, the selected elements to generate a first result; receiving, by the processor from the second computing device, a second result based on the rule set; determining, by the processor, whether the first result matches the second result; and determining, by the processor, whether the second computing device is authenticated based on whether the first result matches the second result.
19. The method of claim 17, wherein generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred comprises: generating an instruction to one or more of add a new portion to the shared data set based on data inputs received at the first computing device, subtract a portion of the shared data set, and re-order the shared data set.
20. The method of claim 17, wherein generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred comprises: generating an instruction to transform the shared data set.
21. A non-transitory processor-readable storage medium having stored thereon processor-executable instructions configured to cause a processor of a computing device to perform operations for dynamically altering a data set that is shared between the computing device and a second computing device, comprising: determining whether a data set update trigger has occurred; generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred; altering the shared data set stored in the memory according to the generated instruction; and sending the generated instruction to a second computing device to alter the shared data set at the second computing device according to the generated instruction.
22. The non-transitory processor-readable storage medium of claim 21, wherein the stored processor-executable instructions are configured to cause the processor to perform operations such that generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred comprises: generating an instruction to add a new portion to the shared data set based on data inputs received at the first computing device.
23. The non-transitory processor-readable storage medium of claim 21, wherein the stored processor-executable instructions are configured to cause the processor to perform operations such that generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred comprises: generating an instruction to subtract a portion of the shared data set.
24. The non-transitory processor-readable storage medium of claim 21, wherein the stored processor-executable instructions are configured to cause the processor to perform operations such that generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred comprises: generating an instruction to re-order the shared data set.
25. The non-transitory processor-readable storage medium of claim 21, wherein the stored processor-executable instructions are configured to cause the processor to perform operations such that generating an instruction to alter the shared data set in response to determining that the data set update trigger has occurred comprises: generating an instruction to transform the shared data set.
26. The non-transitory processor-readable storage medium of claim 25, wherein the stored processor-executable instructions are configured to cause the processor to perform operations further comprising: transforming the selected elements to generate a first result; receiving from the second computing device a second result based on the rule set; determining whether the first result matches the second result; and determining whether the second computing device is authenticated based on whether the first result matches the second result.
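
The update-then-challenge flow of claims 16 to 18, as an added example that is not part of the patent text: both devices apply the same alter instructions, the first device sends a rule set, and authentication succeeds only while the two copies of the shared data set agree. The dict encoding of instructions, the index-list rule set, SHA-256 as the transform, and the sample data set are assumptions constructed for this example.

```python
import hashlib
import hmac
import secrets

def apply_instruction(data: bytes, instr: dict) -> bytes:
    """Apply one alter instruction (this dict encoding is an assumption)."""
    op = instr["op"]
    if op == "add":          # append a new portion to the shared data set
        return data + bytes.fromhex(instr["portion"])
    if op == "subtract":     # remove the slice [start, start + length)
        s, n = instr["start"], instr["length"]
        if s < 0 or n < 0 or s + n > len(data):
            raise ValueError("subtract range outside data set")
        return data[:s] + data[s + n:]
    if op == "reorder":      # rotate left by k positions
        k = instr["k"] % len(data) if data else 0
        return data[k:] + data[:k]
    if op == "transform":    # XOR every element with a one-byte mask
        return bytes(b ^ instr["mask"] for b in data)
    raise ValueError(f"unknown op: {op}")

def make_rule_set(data: bytes, count: int) -> list:
    """First device: select distinct element positions at random."""
    return secrets.SystemRandom().sample(range(len(data)), min(count, len(data)))

def compute_result(data: bytes, rule_set: list) -> bytes:
    """Extract the selected elements and hash them (SHA-256 is assumed)."""
    if any(i < 0 or i >= len(data) for i in rule_set):
        raise ValueError("rule set points outside the data set")
    return hashlib.sha256(bytes(data[i] for i in rule_set)).digest()

def authenticate(first_data: bytes, second_data: bytes, count: int = 16) -> bool:
    """First device challenges the second and compares the two results."""
    rule_set = make_rule_set(first_data, count)
    first_result = compute_result(first_data, rule_set)
    try:
        second_result = compute_result(second_data, rule_set)
    except ValueError:       # second device's copy is too short: not in sync
        return False
    return hmac.compare_digest(first_result, second_result)

def demo() -> tuple:
    first = second = bytes(range(64))              # constructed sample data set
    for instr in ({"op": "add", "portion": "a1b2c3d4"},
                  {"op": "subtract", "start": 8, "length": 4},
                  {"op": "reorder", "k": 5}):
        first = apply_instruction(first, instr)    # altered locally ...
        second = apply_instruction(second, instr)  # ... and at the peer
    in_sync = authenticate(first, second)
    # The second device misses this update, so its copy is stale.
    first = apply_instruction(first, {"op": "transform", "mask": 0x5A})
    return in_sync, authenticate(first, second)

if __name__ == "__main__":
    print(demo())   # (True, False)
```

Because the rule set in this example samples positions, a missed update is detected only when at least one sampled position changed; the transform update used in `demo` changes every element, so the mismatch there is certain.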